Vulnerability-Lookup

RHSA-2020:4062

Vulnerability from csaf_redhat - Published: 2020-09-29 19:00 - Updated: 2026-03-04 06:58

Summary

Red Hat Security Advisory: kernel-rt security and bug fix update

Severity

Important

Notes

Topic: An update for kernel-rt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details: The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): * kernel: use-after-free in sound/core/timer.c (CVE-2019-19807) * kernel: out of bounds write in function i2c_smbus_xfer_emulated in drivers/i2c/i2c-core-smbus.c (CVE-2017-18551) * kernel: race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c leads to use-after-free (CVE-2018-20836) * kernel: out of bounds write in i2c driver leads to local escalation of privilege (CVE-2019-9454) * kernel: use after free due to race condition in the video driver leads to local privilege escalation (CVE-2019-9458) Space precludes documenting all of the security fixes in this advisory. See the descriptions of the remaining security fixes in the related Knowledge Article: https://access.redhat.com/articles/5442481 For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section.

Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

CVE-2017-18551

An out of bounds (OOB) memory access flaw was found in i2c_smbus_xfer_emulated in drivers/i2c/i2c-core-smbus.c in I2C subsystem. A read request for length (data->block[0]) greater than 'I2C_SMBUS_BLOCK_MAX + 1' may cause underlying I2C driver write out of array's boundary. This could allow a local attacker with special user privilege (or root) to crash the system or leak kernel internal information.

6.7 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE-787 - Out-of-bounds Write

Vendor Fix For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The system must be rebooted for this update to take effect. https://access.redhat.com/errata/RHSA-2020:4062

Workaround Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

CVE-2018-20836

A flaw was found in the Linux kernel’s implementation of the SAS expander subsystem, where a race condition exists in the smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c. An attacker could abuse this flaw to corrupt memory and escalate privileges.

7.0 (High)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-366 - Race Condition within a Thread

CVE-2019-9454

An out-of-bounds write flaw was found in the i2c driver in the Linux kernel. This flaw allows an attacker to escalate privileges with system execution privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

6.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2019-9458

A flaw was found in the Linux kernel's video driver. A race condition, leading to a use-after-free, could lead to a local privilege escalation. User interaction is not needed for exploitation.

7.0 (High)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-416 - Use After Free

Workaround To mitigate this issue, prevent modules v4l2-common, v4l2-dv-timings from being loaded if not being used for primary display. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically.

CVE-2019-15217

A vulnerability was found in the Linux kernel. The Zr364xx USB device driver is susceptible to malicious USB devices. An attacker able to add a specific USB device could cause a crash leading to a denial of service.

4.6 (Medium)


                        
                          CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-476 - NULL Pointer Dereference

Workaround To mitigate this issue, prevent module zr364xx from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically.

CVE-2019-15807

A memory leak flaw was found in the Linux kernel. An error in the resource cleanup of the sas_ex_discover_expander function can allow an attacker to induce error conditions that could crash the system. The highest threat from this vulnerability is to system availability.

4.7 (Medium)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

CVE-2019-15917

A flaw was found in the Linux kernel's implementation of the HCI UART driver. A local attacker with access permissions to the Bluetooth device can issue an ioctl, which triggers the hci_uart_set_proto() function in drivers/bluetooth/hci_ldisc.c. The flaw in this function can cause memory corruption or a denial of service because of a use-after-free issue when the hci_uart_register_dev() fails.

7.0 (High)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-416 - Use After Free

Workaround To mitigate this issue, prevent module hci_uart from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically.

CVE-2019-16231

A flaw was found in the Linux kernel. A NULL pointer dereference flaw was found in the FUJITSU Extended Socket Network driver. A call to the alloc_workqueue return was not validated and causes a denial of service at the time of failure. The highest threat from this vulnerability is to system availability.

4.1 (Medium)


                        
                          CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H

CWE-476 - NULL Pointer Dereference

CVE-2019-16233

A flaw was found in the Linux kernel. A NULL pointer dereference flaw was found in the QLOGIC drivers for HBA. A call to alloc_workqueue return was not validated and can cause a denial of service. The highest threat from this vulnerability is to system availability.

4.1 (Medium)


                        
                          CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H

CWE-476 - NULL Pointer Dereference

CVE-2019-16994

A flaw was found in the way the sit_init_net function in the Linux kernel handled resource cleanup on errors. This flaw allows an attacker to use the error conditions to crash the system.

4.7 (Medium)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

CVE-2019-17053

A vulnerability was discovered in the Linux kernel's AF_IEEE802154 networking module where permissions checks are not enforced. This can allow an unprivileged user to create raw sockets for this protocol leading to the potential for data leaks or system unavailability.

4.0 (Medium)


                        
                          CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L

CWE-250 - Execution with Unnecessary Privileges

CVE-2019-17055

A vulnerability was found in the Linux kernel’s implementation of the AF_ISDN protocol, which does not enforce the CAP_NET_RAW capability. This flaw can allow unprivileged users to create a raw socket for this protocol. This could further allow the user to control the availability of an existing ISDN circuit.

4.0 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE-250 - Execution with Unnecessary Privileges

Workaround At this time the only known way to 'mitigate' this flaw is to blacklist the kernel module from being loaded. Creating raw sockets with this protocol is a method of communicating with ISDN hardware, a technology that is becoming less and less common. Check https://access.redhat.com/solutions/41278 for instructions on how to disable the mISDN_core.ko module.

CVE-2019-18808

A flaw was found in the AMD Cryptographic Co-processor driver in the Linux kernel. An attacker, able to send invalid SHA type commands, could cause the system to crash. The highest threat from this vulnerability is to system availability.

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Workaround In order to mitigate this issue it is possible to prevent the affected code from being loaded by blacklisting the kernel module ccp. For instructions relating to how to blacklist a kernel module refer to: https://access.redhat.com/solutions/41278

CVE-2019-19046

A memory leak problem was found in __ipmi_bmc_register in drivers/char/ipmi/ipmi_msghandler.c in Intelligent Platform Management Interface (IPMI) which is used for incoming and outgoing message routing purpose. This flaw may allow an attacker with minimal privilege to cause a denial of service by triggering ida_simple_get() failure.

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

CVE-2019-19055

A flaw was found in the Linux kernel. The Wireless configuration API functionality mishandles resource cleanup in nl80211_get_ftm_responder_stats function. An attacker able to trigger the resource cleanup code path could use this flaw to crash the system. The highest threat from this vulnerability is to system availability.

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Workaround In order to mitigate this issue it is possible to prevent the affected code from being loaded by blacklisting the kernel module cfg80211. For instructions relating to how to blacklist a kernel module refer to: https://access.redhat.com/solutions/41278 .

CVE-2019-19058

A flaw was found in the Linux kernel. The Intel Wireless WiFi MVM Firmware driver mishandles resource cleanup during device coredump. An attacker able to trigger the device coredump and system-wide out of memory conditions at the same time could use this flaw to crash the system. The highest threat from this vulnerability is to system availability.

4.7 (Medium)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Workaround In order to mitigate this issue it is possible to prevent the affected code from being loaded by blacklisting the kernel module iwlmvm. For instructions relating to how to blacklist a kernel module refer to: https://access.redhat.com/solutions/41278 .

CVE-2019-19059

A flaw was found in the way the Intel Wireless driver in the Linux kernel handled resource cleanup during Gen 3 device initialization. This flaw allows an attacker with the ability to restrict access to DMA coherent memory on device initialization, to crash the system.

4.7 (Medium)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Workaround In order to mitigate this issue it is possible to prevent the affected code from being loaded by blacklisting the kernel module iwlwifi. For instructions relating to how to blacklist a kernel module refer to: https://access.redhat.com/solutions/41278 .

CVE-2019-19062

A flaw was found in the Linux kernel. The crypto_report function mishandles resource cleanup on error. A local attacker able to induce the error conditions could use this flaw to crash the system. The highest threat from this vulnerability is to system availability.

4.7 (Medium)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Workaround In order to mitigate this issue it is possible to prevent the affected code from being loaded by blacklisting the kernel module crypto_user. For instructions relating to how to blacklist a kernel module refer to: https://access.redhat.com/solutions/41278 .

CVE-2019-19063

A flaw was found in the Linux kernel. The rtl_usb_probe function mishandles resource cleanup on error. An attacker able to induce the error conditions could use this flaw to crash the system. The highest threat from this vulnerability is to system availability.

4.6 (Medium)


                        
                          CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Workaround In order to mitigate this issue it is possible to prevent the affected code from being loaded by blacklisting the kernel module rtl8192cu. For instructions relating to how to blacklist a kernel module refer to: https://access.redhat.com/solutions/41278 .

CVE-2019-19332

An out-of-bounds memory write issue was found in the way the Linux kernel's KVM hypervisor handled the 'KVM_GET_EMULATED_CPUID' ioctl(2) request to get CPUID features emulated by the KVM hypervisor. A user or process able to access the '/dev/kvm' device could use this flaw to crash the system, resulting in a denial of service.

6.1 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H

CWE-787 - Out-of-bounds Write

CVE-2019-19447

A flaw was found in the Linux kernel's ext4_unlink function. An attacker could corrupt memory or escalate privileges when deleting a file from a recently unmounted specially crafted ext4 filesystem, including local, USB, and iSCSI.

7.8 (High)


                        
                          CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-416 - Use After Free

Workaround Ext4 filesytems are built into the kernel so it is not possible to prevent the kernel module from loading. However, this flaw can be prevented by disallowing mounting of untrusted filesystems. As mounting is a privileged operation, (except for device hotplug) removing the ability for mounting and unmounting will prevent this flaw from being exploited.

CVE-2019-19523

A flaw was found in the Linux kernel’s implementation for ADU devices from Ontrak Control Systems, where an attacker with administrative privileges and access to a local account could pre-groom the memory and physically disconnect or unload a module. The attacker must be able to access either of these two events to trigger the use-after-free, and then race the access to the use-after-free, to create a situation where key USB structs can be manipulated into corrupting memory.

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-476 - NULL Pointer Dereference

Workaround As the system module will be auto-loaded when a device that uses the driver is attached (via USB), its use can be disabled by preventing the module from loading with the following instructions: # echo "install adutux /bin/true" >> /etc/modprobe.d/disable-adutux.conf The system will need to be restarted if the adutux module are loaded. In most circumstances, the kernel modules will be unable to be unloaded while any hardware is in use. If the system requires this module to work correctly, this mitigation may not be suitable. If you need further assistance, see KCS article https://access.redhat.com/solutions/41278 or contact Red Hat Global Support Services.

CVE-2019-19524

A use-after-free flaw was found in the Linux kernel’s input device driver functionality when unplugging a device. A user with physical access could use this flaw to crash the system.

4.6 (Medium)


                        
                          CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-416 - Use After Free

Workaround To mitigate this issue for the Red Hat Enterprise Linux 7 or higher version, prevent module ff-memless from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically.

CVE-2019-19530

A use-after-free flaw was found in the acm_probe USB subsystem in the Linux kernel. A race condition occurs when a destroy() procedure is initiated allowing the refcount to decrement on the interface so early that it is never under counted. A malicious USB device is required for exploit. System availability is the largest threat from the vulnerability, however data integrity and confidentiality are also threatened.

5.7 (Medium)


                        
                          CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

CWE-416 - Use After Free

CVE-2019-19534

An information-leak flaw was found in the Linux kernel's pcan USB driver. When a device using this driver connects to the system, the stack information is leaked to the CAN bus, a controller area network for automobiles. The highest threat with this vulnerability is breach of data confidentiality.

4.6 (Medium)


                        
                          CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor

Workaround As the devices module will be auto-loaded when the USB CAN bus adapter is connected, its can be disabled by preventing the module from loading with the following instructions: # echo "install peak_usb /bin/true" >> /etc/modprobe.d/disable-peak-usb-canbus.conf The system will need to be restarted if the peak_usb module is already loaded. In most circumstances, the kernel modules will be unable to be unloaded while any CAN bus interfaces are active and the protocol is in use. If the system requires this module to work correctly, this mitigation may not be suitable. If you need further assistance, see KCS article https://access.redhat.com/solutions/41278 or contact Red Hat Global Support Services.

CVE-2019-19537

A flaw was found in the Linux kernel, where there is a race condition bug that can be caused by a malicious USB device in the USB character device driver layer. An attacker who can hotplug at least two devices of this class can cause a use-after-free situation.

4.2 (Medium)


                        
                          CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Workaround Many Character devices can trigger this flaw as they leverage the lower levels of the USB subsystem. The safest method that I have found would be to disable USB ports that are able to be attacked using this method, disable them first by disallowing them from waking up from low-power states with the command (Replace X with the port number available). echo disabled >> /sys/bus/usb/devices/usbX/power/wakeup The system must also disable the specific ports power after with the command: echo suspend | sudo tee /sys/bus/usb/devices/usbX/power/level This change not persist through system reboots and must be applied at each reboot to be effective.

CVE-2019-19767

A use-after-free flaw was found in the Linux kernel’s ext4 file system functionality when the user mount ext4 partition, with the usage of an additional debug parameter is defining an extra inode size. If this parameter has a non zero value, this flaw allows a local user to crash the system when inode expansion happens.

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CWE-416 - Use After Free

Workaround The mitigation is not to use debug_want_extra_isize parameter when mounting ext4 FS.

CVE-2019-19807

A memory flaw was found in the ALSA subsystem of the Linux kernel. The struct snd_timer_instance function fails the timer->max_instances check leading to an invalid address. This could lead to a use-after-free vulnerability.

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-416 - Use After Free

Workaround Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update as soon as possible.

CVE-2019-20054

A flaw was found in the Linux kernel’s implementation of dropping sysctl entries. A local attacker who has access to load modules on the system can trigger a condition during module load failure and panic the system.

5.1 (Medium)


                        
                          CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2019-20095

A flaw was found in the Linux kernel's mwifiex driver implementation when connecting to other WiFi devices in "Test Mode." A kernel memory leak can occur if an error condition is met during the parameter negotiation. This issue can lead to a denial of service if multiple error conditions meeting the repeated connection attempts are attempted.

5.2 (Medium)


                        
                          CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H

CWE-772 - Missing Release of Resource after Effective Lifetime

Workaround As connecting to a wireless device is not automatic and initiated by a user, not connecting to rogue access points would prevent this flaw from being abused.

CVE-2019-20636

An out-of-bounds write flaw was found in the Linux kernel. A crafted keycode table could be used by drivers/input/input.c to perform the out-of-bounds write. A local user with root access can insert garbage to this keycode table that can lead to out-of-bounds memory access. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

6.7 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE-787 - Out-of-bounds Write

CVE-2020-1749

A flaw was found in the Linux kernel's implementation of some networking protocols in IPsec, such as VXLAN and GENEVE tunnels over IPv6. When an encrypted tunnel is created between two hosts, the kernel isn't correctly routing tunneled data over the encrypted link; rather sending the data unencrypted. This would allow anyone in between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-319 - Cleartext Transmission of Sensitive Information

Workaround Disabling the IPV6 protocol may be a suitable workaround for systems that do not require the protocol to function correctly, however, if IPV6 is not in use this flaw will not be triggered.

CVE-2020-2732

A flaw was found in the way KVM hypervisor handled instruction emulation for the L2 guest when nested(=1) virtualization is enabled. In the instruction emulation, the L2 guest could trick the L0 hypervisor into accessing sensitive bits of the L1 hypervisor. An L2 guest could use this flaw to potentially access information of the L1 hypervisor.

5.8 (Medium)


                        
                          CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor

CVE-2020-8647

A flaw was found in the Linux kernel’s virtual console resize functionality. An attacker with local access to virtual consoles can use the virtual console resizing code to gather kernel internal data structures.

6.1 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor

Workaround The attack vector can be significantly reduced by preventing users from being able to log into the local virtual console. See the instructions on disabling local login here: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/managing_smart_cards/pam_configuration_files , See the section on "pam_console" to deny users logging into the console. This mechanism should work from el6 forward to current versions of Red Hat Enterprise Linux.

CVE-2020-8649

A flaw was found in the Linux kernel’s implementation of the invert video code on VGA consoles when a local attacker attempts to resize the console. An out-of-bounds read can occur, leaking information to the console.

5.9 (Medium)


                        
                          CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

CWE-416 - Use After Free

CVE-2020-9383

An out-of-bounds (OOB) memory access flaw was found in the floppy driver module in the Linux kernel. A bounds check failure allows a local attacker to gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability.

7.1 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

CWE-125 - Out-of-bounds Read

Workaround Mitigation for this issue is to skip loading the affected floppy driver module onto the system till we have a fix available, this can be done by a blacklist mechanism, this will ensure the driver is not loaded at the boot time. ~~~ How do I blacklist a kernel module to prevent it from loading automatically? https://access.redhat.com/solutions/41278 ~~~

CVE-2020-10690

There is a use-after-free problem seen due to a race condition between the release of ptp_clock and cdev while resource deallocation. When a (high privileged) process allocates a ptp device file (like /dev/ptpX) and voluntarily goes to sleep. During this time if the underlying device is removed, it can cause an exploitable condition as the process wakes up to terminate and clean all attached files. The system crashes due to the cdev structure being invalid (as already freed) which is pointed to by the inode.

6.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

CWE-416 - Use After Free

CVE-2020-10732

A flaw was found in the Linux kernel’s implementation of Userspace core dumps. This flaw allows an attacker with a local account to crash a trivial program and exfiltrate private kernel data.

3.3 (Low)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CWE-908 - Use of Uninitialized Resource

Workaround Possible mitigation would be to disable core dumps system-wide by setting: * hard core 0 In the /etc/security/limits.conf file and restarting applications/services/processes which users may have access to or simply reboot the system. This disables core dumps which may not be a suitable workaround in your environment.

CVE-2020-10742

A flaw was found in the Linux kernel. An index buffer overflow during Direct IO write leading to the NFS client to crash. In some cases, a reach out of the index after one memory allocation by kmalloc will cause a kernel panic. The highest threat from this vulnerability is to data confidentiality and system availability.

6.0 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H

CWE-787 - Out-of-bounds Write

CVE-2020-10751

A flaw was found in the Linux kernel’s SELinux LSM hook implementation, where it anticipated the skb would only contain a single Netlink message. The hook incorrectly validated the first Netlink message in the skb only, to allow or deny the rest of the messages within the skb with the granted permissions and without further processing. At this time, there is no known ability for an attacker to abuse this flaw.

6.1 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

CWE-349 - Acceptance of Extraneous Untrusted Data With Trusted Data

CVE-2020-10942

A stack buffer overflow issue was found in the get_raw_socket() routine of the Host kernel accelerator for virtio net (vhost-net) driver. It could occur while doing an ictol(VHOST_NET_SET_BACKEND) call, and retrieving socket name in a kernel stack variable via get_raw_socket(). A user able to perform ioctl(2) calls on the '/dev/vhost-net' device may use this flaw to crash the kernel resulting in DoS issue.

5.3 (Medium)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2020-11565

An out-of-bounds write flaw was found in the Linux kernel. An empty nodelist in mempolicy.c is mishandled durig mount option parsing leading to a stack-based out-of-bounds write. The highest threat from this vulnerability is to system availability.

6.0 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

CWE-787 - Out-of-bounds Write

CVE-2020-12770

A vulnerability was found in sg_write in drivers/scsi/sg.c in the SCSI generic (sg) driver subsystem. This flaw allows an attacker with local access and special user or root privileges to cause a denial of service if the allocated list is not cleaned with an invalid (Sg_fd * sfp) pointer at the time of failure, also possibly causing a kernel internal information leak problem.

6.7 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE-416 - Use After Free

Workaround Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

CVE-2020-12826

A flaw was found in the Linux kernel loose validation of child/parent process identification handling while filtering signal handlers. A local attacker is able to abuse this flaw to bypass checks to send any signal to a privileged process.

5.3 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CWE-94 - Improper Control of Generation of Code ('Code Injection')

CVE-2020-14305

An out-of-bounds memory write flaw was found in how the Linux kernel’s Voice Over IP H.323 connection tracking functionality handled connections on ipv6 port 1720. This flaw allows an unauthenticated remote user to crash the system, causing a denial of service. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

8.1 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-787 - Out-of-bounds Write

Workaround A mitigation to this flaw would be to no longer use IPV6 on affected hardware until the kernel has been updated or to disable Voice Over IP H.323 module. Existing systems that have h323-conntrack-nat kernel module loaded will need to unload the "nf_conntrack_h323" kernel module and blacklist it ( See https://access.redhat.com/solutions/41278 for a guide on how to blacklist modules).

References

URL

Category

	https://access.redhat.com/errata/RHSA-2020:4062	self
	https://access.redhat.com/security/updates/classi…	external
	https://access.redhat.com/documentation/en-us/red…	external
	https://access.redhat.com/articles/5442481	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1427551	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1707796	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1745528	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1747216	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1757368	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1758242	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1758248	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1759681	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1760100	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1760310	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1760420	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1774988	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1775015	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1775021	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1775042	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1775047	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1775074	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1777418	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1779594	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1781679	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1783434	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1783459	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1783518	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1783540	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1783561	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1786078	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1786160	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1788009	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1790063	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1791954	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1802555	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1802563	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1805135	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1809833	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1810685	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1817141	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1817718	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1818818	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1819377	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1822077	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1824059	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1824918	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1831399	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1834845	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1835127	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1839634	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1850716	external
	https://security.access.redhat.com/data/csaf/v2/a…	self
	https://access.redhat.com/security/cve/CVE-2017-18551	self
	https://bugzilla.redhat.com/show_bug.cgi?id=1757368	external
	https://www.cve.org/CVERecord?id=CVE-2017-18551	external
	https://nvd.nist.gov/vuln/detail/CVE-2017-18551	external
	https://access.redhat.com/security/cve/CVE-2018-20836	self
	https://bugzilla.redhat.com/show_bug.cgi?id=1707796	external
	https://www.cve.org/CVERecord?id=CVE-2018-20836	external
	https://nvd.nist.gov/vuln/detail/CVE-2018-20836	external
	https://access.redhat.com/security/cve/CVE-2019-9454	self
	https://bugzilla.redhat.com/show_bug.cgi?id=1818818	external
	https://www.cve.org/CVERecord?id=CVE-2019-9454	external
	https://nvd.nist.gov/vuln/detail/CVE-2019-9454	external
	https://access.redhat.com/security/cve/CVE-2019-9458	self
	https://bugzilla.redhat.com/show_bug.cgi?id=1819377	external
	https://www.cve.org/CVERecord?id=CVE-2019-9458	external
	https://nvd.nist.gov/vuln/detail/CVE-2019-9458	external
	https://access.redhat.com/security/cve/CVE-2019-15217	self
	https://bugzilla.redhat.com/show_bug.cgi?id=1745528	external
	https://www.cve.org/CVERecord?id=CVE-2019-15217	external
	https://nvd.nist.gov/vuln/detail/CVE-2019-15217	external
	https://access.redhat.com/security/cve/CVE-2019-15807	self
	https://bugzilla.redhat.com/show_bug.cgi?id=1747216	external
	https://www.cve.org/CVERecord?id=CVE-2019-15807	external
	https://nvd.nist.gov/vuln/detail/CVE-2019-15807	external
	https://access.redhat.com/security/cve/CVE-2019-15917	self
	https://bugzilla.redhat.com/show_bug.cgi?id=1760100	external
	https://www.cve.org/CVERecord?id=CVE-2019-15917	external
	https://nvd.nist.gov/vuln/detail/CVE-2019-15917	external
	https://access.redhat.com/security/cve/CVE-2019-16231	self
	https://bugzilla.redhat.com/show_bug.cgi?id=1760310	external
	https://www.cve.org/CVERecord?id=CVE-2019-16231	external
	https://nvd.nist.gov/vuln/detail/CVE-2019-16231	external
	https://lkml.org/lkml/2019/9/9/487	external
	https://security.netapp.com/advisory/ntap-2019100…	external
	https://access.redhat.com/security/cve/CVE-2019-16233	self
	https://bugzilla.redhat.com/show_bug.cgi?id=1760420	external
	https://www.cve.org/CVERecord?id=CVE-2019-16233	external
	https://nvd.nist.gov/vuln/detail/CVE-2019-16233	external
	https://access.redhat.com/security/cve/CVE-2019-16994	self
	https://bugzilla.redhat.com/show_bug.cgi?id=1759681	external
	https://www.cve.org/CVERecord?id=CVE-2019-16994	external
	https://nvd.nist.gov/vuln/detail/CVE-2019-16994	external
	https://access.redhat.com/security/cve/CVE-2019-17053	self
	https://bugzilla.redhat.com/show_bug.cgi?id=1758242	external
	https://www.cve.org/CVERecord?id=CVE-2019-17053	external
	https://nvd.nist.gov/vuln/detail/CVE-2019-17053	external
	https://access.redhat.com/security/cve/CVE-2019-17055	self
	https://bugzilla.redhat.com/show_bug.cgi?id=1758248	external
	https://www.cve.org/CVERecord?id=CVE-2019-17055	external
	https://nvd.nist.gov/vuln/detail/CVE-2019-17055	external
	https://access.redhat.com/security/cve/CVE-2019-18808	self
	https://bugzilla.redhat.com/show_bug.cgi?id=1777418	external
	https://www.cve.org/CVERecord?id=CVE-2019-18808	external
	https://nvd.nist.gov/vuln/detail/CVE-2019-18808	external
	https://access.redhat.com/security/cve/CVE-2019-19046	self
	https://bugzilla.redhat.com/show_bug.cgi?id=1774988	external
	https://www.cve.org/CVERecord?id=CVE-2019-19046	external
	https://nvd.nist.gov/vuln/detail/CVE-2019-19046	external
	https://access.redhat.com/security/cve/CVE-2019-19055	self
	https://bugzilla.redhat.com/show_bug.cgi?id=1775074	external
	https://www.cve.org/CVERecord?id=CVE-2019-19055	external
	https://nvd.nist.gov/vuln/detail/CVE-2019-19055	external
	https://access.redhat.com/security/cve/CVE-2019-19058	self
	https://bugzilla.redhat.com/show_bug.cgi?id=1775047	external
	https://www.cve.org/CVERecord?id=CVE-2019-19058	external
	https://nvd.nist.gov/vuln/detail/CVE-2019-19058	external
	https://access.redhat.com/security/cve/CVE-2019-19059	self
	https://bugzilla.redhat.com/show_bug.cgi?id=1775042	external
	https://www.cve.org/CVERecord?id=CVE-2019-19059	external
	https://nvd.nist.gov/vuln/detail/CVE-2019-19059	external
	https://access.redhat.com/security/cve/CVE-2019-19062	self
	https://bugzilla.redhat.com/show_bug.cgi?id=1775021	external
	https://www.cve.org/CVERecord?id=CVE-2019-19062	external
	https://nvd.nist.gov/vuln/detail/CVE-2019-19062	external
	https://access.redhat.com/security/cve/CVE-2019-19063	self
	https://bugzilla.redhat.com/show_bug.cgi?id=1775015	external
	https://www.cve.org/CVERecord?id=CVE-2019-19063	external
	https://nvd.nist.gov/vuln/detail/CVE-2019-19063	external
	https://access.redhat.com/security/cve/CVE-2019-19332	self
	https://bugzilla.redhat.com/show_bug.cgi?id=1779594	external
	https://www.cve.org/CVERecord?id=CVE-2019-19332	external
	https://nvd.nist.gov/vuln/detail/CVE-2019-19332	external
	https://lore.kernel.org/kvm/000000000000ea5ec2059…	external
	https://www.openwall.com/lists/oss-security/2019/…	external
	https://access.redhat.com/security/cve/CVE-2019-19447	self
	https://bugzilla.redhat.com/show_bug.cgi?id=1781679	external
	https://www.cve.org/CVERecord?id=CVE-2019-19447	external
	https://nvd.nist.gov/vuln/detail/CVE-2019-19447	external
	https://bugzilla.kernel.org/show_bug.cgi?id=205433	external
	https://github.com/bobfuzzer/CVE/tree/master/CVE-…	external
	https://access.redhat.com/security/cve/CVE-2019-19523	self
	https://bugzilla.redhat.com/show_bug.cgi?id=1783434	external
	https://www.cve.org/CVERecord?id=CVE-2019-19523	external
	https://nvd.nist.gov/vuln/detail/CVE-2019-19523	external
	https://access.redhat.com/security/cve/CVE-2019-19524	self
	https://bugzilla.redhat.com/show_bug.cgi?id=1783459	external
	https://www.cve.org/CVERecord?id=CVE-2019-19524	external
	https://nvd.nist.gov/vuln/detail/CVE-2019-19524	external
	https://access.redhat.com/security/cve/CVE-2019-19530	self
	https://bugzilla.redhat.com/show_bug.cgi?id=1783518	external
	https://www.cve.org/CVERecord?id=CVE-2019-19530	external
	https://nvd.nist.gov/vuln/detail/CVE-2019-19530	external
	http://seclists.org/oss-sec/2019/q4/115	external
	http://www.openwall.com/lists/oss-security/2019/12/03/4	external
	https://cdn.kernel.org/pub/linux/kernel/v5.x/Chan…	external
	https://git.kernel.org/pub/scm/linux/kernel/git/t…	external
	https://access.redhat.com/security/cve/CVE-2019-19534	self
	https://bugzilla.redhat.com/show_bug.cgi?id=1783540	external
	https://www.cve.org/CVERecord?id=CVE-2019-19534	external
	https://nvd.nist.gov/vuln/detail/CVE-2019-19534	external
	https://access.redhat.com/security/cve/CVE-2019-19537	self
	https://bugzilla.redhat.com/show_bug.cgi?id=1783561	external
	https://www.cve.org/CVERecord?id=CVE-2019-19537	external
	https://nvd.nist.gov/vuln/detail/CVE-2019-19537	external
	https://access.redhat.com/security/cve/CVE-2019-19767	self
	https://bugzilla.redhat.com/show_bug.cgi?id=1786160	external
	https://www.cve.org/CVERecord?id=CVE-2019-19767	external
	https://nvd.nist.gov/vuln/detail/CVE-2019-19767	external
	https://access.redhat.com/security/cve/CVE-2019-19807	self
	https://bugzilla.redhat.com/show_bug.cgi?id=1786078	external
	https://www.cve.org/CVERecord?id=CVE-2019-19807	external
	https://nvd.nist.gov/vuln/detail/CVE-2019-19807	external
	https://access.redhat.com/security/cve/CVE-2019-20054	self
	https://bugzilla.redhat.com/show_bug.cgi?id=1790063	external
	https://www.cve.org/CVERecord?id=CVE-2019-20054	external
	https://nvd.nist.gov/vuln/detail/CVE-2019-20054	external
	https://access.redhat.com/security/cve/CVE-2019-20095	self
	https://bugzilla.redhat.com/show_bug.cgi?id=1791954	external
	https://www.cve.org/CVERecord?id=CVE-2019-20095	external
	https://nvd.nist.gov/vuln/detail/CVE-2019-20095	external
	https://access.redhat.com/security/cve/CVE-2019-20636	self
	https://bugzilla.redhat.com/show_bug.cgi?id=1824059	external
	https://www.cve.org/CVERecord?id=CVE-2019-20636	external
	https://nvd.nist.gov/vuln/detail/CVE-2019-20636	external
	https://access.redhat.com/security/cve/CVE-2020-1749	self
	https://bugzilla.redhat.com/show_bug.cgi?id=1809833	external
	https://www.cve.org/CVERecord?id=CVE-2020-1749	external
	https://nvd.nist.gov/vuln/detail/CVE-2020-1749	external
	https://access.redhat.com/security/cve/CVE-2020-2732	self
	https://bugzilla.redhat.com/show_bug.cgi?id=1805135	external
	https://www.cve.org/CVERecord?id=CVE-2020-2732	external
	https://nvd.nist.gov/vuln/detail/CVE-2020-2732	external
	https://access.redhat.com/security/cve/CVE-2020-8647	self
	https://bugzilla.redhat.com/show_bug.cgi?id=1802563	external
	https://www.cve.org/CVERecord?id=CVE-2020-8647	external
	https://nvd.nist.gov/vuln/detail/CVE-2020-8647	external
	https://access.redhat.com/security/cve/CVE-2020-8649	self
	https://bugzilla.redhat.com/show_bug.cgi?id=1802555	external
	https://www.cve.org/CVERecord?id=CVE-2020-8649	external
	https://nvd.nist.gov/vuln/detail/CVE-2020-8649	external
	https://access.redhat.com/security/cve/CVE-2020-9383	self
	https://bugzilla.redhat.com/show_bug.cgi?id=1810685	external
	https://www.cve.org/CVERecord?id=CVE-2020-9383	external
	https://nvd.nist.gov/vuln/detail/CVE-2020-9383	external
	https://access.redhat.com/security/cve/CVE-2020-10690	self
	https://bugzilla.redhat.com/show_bug.cgi?id=1817141	external
	https://www.cve.org/CVERecord?id=CVE-2020-10690	external
	https://nvd.nist.gov/vuln/detail/CVE-2020-10690	external
	https://access.redhat.com/security/cve/CVE-2020-10732	self
	https://bugzilla.redhat.com/show_bug.cgi?id=1831399	external
	https://www.cve.org/CVERecord?id=CVE-2020-10732	external
	https://nvd.nist.gov/vuln/detail/CVE-2020-10732	external
	https://access.redhat.com/security/cve/CVE-2020-10742	self
	https://bugzilla.redhat.com/show_bug.cgi?id=1835127	external
	https://www.cve.org/CVERecord?id=CVE-2020-10742	external
	https://nvd.nist.gov/vuln/detail/CVE-2020-10742	external
	https://access.redhat.com/security/cve/CVE-2020-10751	self
	https://bugzilla.redhat.com/show_bug.cgi?id=1839634	external
	https://www.cve.org/CVERecord?id=CVE-2020-10751	external
	https://nvd.nist.gov/vuln/detail/CVE-2020-10751	external
	https://git.kernel.org/pub/scm/linux/kernel/git/t…	external
	https://lore.kernel.org/selinux/CACT4Y+b8HiV6KFuA…	external
	https://www.openwall.com/lists/oss-security/2020/…	external
	https://access.redhat.com/security/cve/CVE-2020-10942	self
	https://bugzilla.redhat.com/show_bug.cgi?id=1817718	external
	https://www.cve.org/CVERecord?id=CVE-2020-10942	external
	https://nvd.nist.gov/vuln/detail/CVE-2020-10942	external
	https://access.redhat.com/security/cve/CVE-2020-11565	self
	https://bugzilla.redhat.com/show_bug.cgi?id=1824918	external
	https://www.cve.org/CVERecord?id=CVE-2020-11565	external
	https://nvd.nist.gov/vuln/detail/CVE-2020-11565	external
	https://access.redhat.com/security/cve/CVE-2020-12770	self
	https://bugzilla.redhat.com/show_bug.cgi?id=1834845	external
	https://www.cve.org/CVERecord?id=CVE-2020-12770	external
	https://nvd.nist.gov/vuln/detail/CVE-2020-12770	external
	https://access.redhat.com/security/cve/CVE-2020-12826	self
	https://bugzilla.redhat.com/show_bug.cgi?id=1822077	external
	https://www.cve.org/CVERecord?id=CVE-2020-12826	external
	https://nvd.nist.gov/vuln/detail/CVE-2020-12826	external
	https://git.kernel.org/pub/scm/linux/kernel/git/t…	external
	https://lists.openwall.net/linux-kernel/2020/03/24/1803	external
	https://www.openwall.com/lists/kernel-hardening/2…	external
	https://access.redhat.com/security/cve/CVE-2020-14305	self
	https://bugzilla.redhat.com/show_bug.cgi?id=1850716	external
	https://www.cve.org/CVERecord?id=CVE-2020-14305	external
	https://nvd.nist.gov/vuln/detail/CVE-2020-14305	external
	https://bugs.openvz.org/browse/OVZ-7188	external
	https://patchwork.ozlabs.org/project/netfilter-de…	external

Acknowledgments

Red Hat QE Engineering Xiumei Mu

Red Hat Paolo Bonzini

Red Hat Jay Shin

Adam Zabrocki

Virtuozzo Vasily Averin

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for kernel-rt is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.\n\nSecurity Fix(es):\n\n* kernel: use-after-free in sound/core/timer.c (CVE-2019-19807)\n\n* kernel: out of bounds write in function i2c_smbus_xfer_emulated in drivers/i2c/i2c-core-smbus.c (CVE-2017-18551)\n\n* kernel: race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c leads to use-after-free (CVE-2018-20836)\n\n* kernel: out of bounds write in i2c driver leads to local escalation of privilege (CVE-2019-9454)\n\n* kernel: use after free due to race condition in the video driver leads to local privilege escalation (CVE-2019-9458)\n\nSpace precludes documenting all of the security fixes in this advisory. See the descriptions of the remaining security fixes in the related Knowledge Article:\n\nhttps://access.redhat.com/articles/5442481\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2020:4062",
        "url": "https://access.redhat.com/errata/RHSA-2020:4062"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.9_release_notes/index",
        "url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.9_release_notes/index"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/articles/5442481",
        "url": "https://access.redhat.com/articles/5442481"
      },
      {
        "category": "external",
        "summary": "1427551",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1427551"
      },
      {
        "category": "external",
        "summary": "1707796",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1707796"
      },
      {
        "category": "external",
        "summary": "1745528",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1745528"
      },
      {
        "category": "external",
        "summary": "1747216",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1747216"
      },
      {
        "category": "external",
        "summary": "1757368",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1757368"
      },
      {
        "category": "external",
        "summary": "1758242",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1758242"
      },
      {
        "category": "external",
        "summary": "1758248",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1758248"
      },
      {
        "category": "external",
        "summary": "1759681",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1759681"
      },
      {
        "category": "external",
        "summary": "1760100",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1760100"
      },
      {
        "category": "external",
        "summary": "1760310",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1760310"
      },
      {
        "category": "external",
        "summary": "1760420",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1760420"
      },
      {
        "category": "external",
        "summary": "1774988",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1774988"
      },
      {
        "category": "external",
        "summary": "1775015",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1775015"
      },
      {
        "category": "external",
        "summary": "1775021",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1775021"
      },
      {
        "category": "external",
        "summary": "1775042",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1775042"
      },
      {
        "category": "external",
        "summary": "1775047",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1775047"
      },
      {
        "category": "external",
        "summary": "1775074",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1775074"
      },
      {
        "category": "external",
        "summary": "1777418",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1777418"
      },
      {
        "category": "external",
        "summary": "1779594",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1779594"
      },
      {
        "category": "external",
        "summary": "1781679",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1781679"
      },
      {
        "category": "external",
        "summary": "1783434",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1783434"
      },
      {
        "category": "external",
        "summary": "1783459",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1783459"
      },
      {
        "category": "external",
        "summary": "1783518",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1783518"
      },
      {
        "category": "external",
        "summary": "1783540",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1783540"
      },
      {
        "category": "external",
        "summary": "1783561",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1783561"
      },
      {
        "category": "external",
        "summary": "1786078",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1786078"
      },
      {
        "category": "external",
        "summary": "1786160",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1786160"
      },
      {
        "category": "external",
        "summary": "1788009",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788009"
      },
      {
        "category": "external",
        "summary": "1790063",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1790063"
      },
      {
        "category": "external",
        "summary": "1791954",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1791954"
      },
      {
        "category": "external",
        "summary": "1802555",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1802555"
      },
      {
        "category": "external",
        "summary": "1802563",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1802563"
      },
      {
        "category": "external",
        "summary": "1805135",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805135"
      },
      {
        "category": "external",
        "summary": "1809833",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1809833"
      },
      {
        "category": "external",
        "summary": "1810685",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1810685"
      },
      {
        "category": "external",
        "summary": "1817141",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1817141"
      },
      {
        "category": "external",
        "summary": "1817718",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1817718"
      },
      {
        "category": "external",
        "summary": "1818818",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1818818"
      },
      {
        "category": "external",
        "summary": "1819377",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1819377"
      },
      {
        "category": "external",
        "summary": "1822077",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1822077"
      },
      {
        "category": "external",
        "summary": "1824059",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1824059"
      },
      {
        "category": "external",
        "summary": "1824918",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1824918"
      },
      {
        "category": "external",
        "summary": "1831399",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1831399"
      },
      {
        "category": "external",
        "summary": "1834845",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1834845"
      },
      {
        "category": "external",
        "summary": "1835127",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1835127"
      },
      {
        "category": "external",
        "summary": "1839634",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1839634"
      },
      {
        "category": "external",
        "summary": "1850716",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1850716"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_4062.json"
      }
    ],
    "title": "Red Hat Security Advisory: kernel-rt security and bug fix update",
    "tracking": {
      "current_release_date": "2026-03-04T06:58:51+00:00",
      "generator": {
        "date": "2026-03-04T06:58:51+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.7.2"
        }
      },
      "id": "RHSA-2020:4062",
      "initial_release_date": "2020-09-29T19:00:01+00:00",
      "revision_history": [
        {
          "date": "2020-09-29T19:00:01+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2020-09-29T19:00:01+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-03-04T06:58:51+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux for Real Time for NFV (v. 7)",
                "product": {
                  "name": "Red Hat Enterprise Linux for Real Time for NFV (v. 7)",
                  "product_id": "7Server-NFV-7.9",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras_rt:7"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux for Real Time (v. 7)",
                "product": {
                  "name": "Red Hat Enterprise Linux for Real Time (v. 7)",
                  "product_id": "7Server-RT-7.9",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras_rt:7"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
                "product": {
                  "name": "kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
                  "product_id": "kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt@3.10.0-1160.rt56.1131.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
                "product": {
                  "name": "kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
                  "product_id": "kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-debug@3.10.0-1160.rt56.1131.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
                "product": {
                  "name": "kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
                  "product_id": "kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-debug-devel@3.10.0-1160.rt56.1131.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
                "product": {
                  "name": "kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
                  "product_id": "kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-debug-kvm@3.10.0-1160.rt56.1131.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
                "product": {
                  "name": "kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
                  "product_id": "kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-devel@3.10.0-1160.rt56.1131.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
                "product": {
                  "name": "kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
                  "product_id": "kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-kvm@3.10.0-1160.rt56.1131.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
                "product": {
                  "name": "kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
                  "product_id": "kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-trace@3.10.0-1160.rt56.1131.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
                "product": {
                  "name": "kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
                  "product_id": "kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-trace-devel@3.10.0-1160.rt56.1131.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
                "product": {
                  "name": "kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
                  "product_id": "kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-trace-kvm@3.10.0-1160.rt56.1131.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
                "product": {
                  "name": "kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
                  "product_id": "kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-debug-debuginfo@3.10.0-1160.rt56.1131.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
                "product": {
                  "name": "kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
                  "product_id": "kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-debug-kvm-debuginfo@3.10.0-1160.rt56.1131.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
                "product": {
                  "name": "kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
                  "product_id": "kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-debuginfo@3.10.0-1160.rt56.1131.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
                "product": {
                  "name": "kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
                  "product_id": "kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-debuginfo-common-x86_64@3.10.0-1160.rt56.1131.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
                "product": {
                  "name": "kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
                  "product_id": "kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-kvm-debuginfo@3.10.0-1160.rt56.1131.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
                "product": {
                  "name": "kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
                  "product_id": "kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-trace-debuginfo@3.10.0-1160.rt56.1131.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
                "product": {
                  "name": "kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
                  "product_id": "kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-trace-kvm-debuginfo@3.10.0-1160.rt56.1131.el7?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
                "product": {
                  "name": "kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
                  "product_id": "kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt@3.10.0-1160.rt56.1131.el7?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
                "product": {
                  "name": "kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
                  "product_id": "kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-doc@3.10.0-1160.rt56.1131.el7?arch=noarch"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-0:3.10.0-1160.rt56.1131.el7.src as a component of Red Hat Enterprise Linux for Real Time for NFV (v. 7)",
          "product_id": "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src"
        },
        "product_reference": "kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
        "relates_to_product_reference": "7Server-NFV-7.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time for NFV (v. 7)",
          "product_id": "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64"
        },
        "product_reference": "kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
        "relates_to_product_reference": "7Server-NFV-7.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time for NFV (v. 7)",
          "product_id": "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64"
        },
        "product_reference": "kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
        "relates_to_product_reference": "7Server-NFV-7.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time for NFV (v. 7)",
          "product_id": "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
        },
        "product_reference": "kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
        "relates_to_product_reference": "7Server-NFV-7.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time for NFV (v. 7)",
          "product_id": "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64"
        },
        "product_reference": "kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
        "relates_to_product_reference": "7Server-NFV-7.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time for NFV (v. 7)",
          "product_id": "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64"
        },
        "product_reference": "kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
        "relates_to_product_reference": "7Server-NFV-7.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time for NFV (v. 7)",
          "product_id": "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
        },
        "product_reference": "kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
        "relates_to_product_reference": "7Server-NFV-7.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time for NFV (v. 7)",
          "product_id": "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
        },
        "product_reference": "kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
        "relates_to_product_reference": "7Server-NFV-7.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time for NFV (v. 7)",
          "product_id": "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64"
        },
        "product_reference": "kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
        "relates_to_product_reference": "7Server-NFV-7.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time for NFV (v. 7)",
          "product_id": "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64"
        },
        "product_reference": "kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
        "relates_to_product_reference": "7Server-NFV-7.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch as a component of Red Hat Enterprise Linux for Real Time for NFV (v. 7)",
          "product_id": "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch"
        },
        "product_reference": "kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
        "relates_to_product_reference": "7Server-NFV-7.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time for NFV (v. 7)",
          "product_id": "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64"
        },
        "product_reference": "kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
        "relates_to_product_reference": "7Server-NFV-7.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time for NFV (v. 7)",
          "product_id": "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
        },
        "product_reference": "kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
        "relates_to_product_reference": "7Server-NFV-7.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time for NFV (v. 7)",
          "product_id": "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64"
        },
        "product_reference": "kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
        "relates_to_product_reference": "7Server-NFV-7.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time for NFV (v. 7)",
          "product_id": "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
        },
        "product_reference": "kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
        "relates_to_product_reference": "7Server-NFV-7.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time for NFV (v. 7)",
          "product_id": "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64"
        },
        "product_reference": "kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
        "relates_to_product_reference": "7Server-NFV-7.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time for NFV (v. 7)",
          "product_id": "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64"
        },
        "product_reference": "kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
        "relates_to_product_reference": "7Server-NFV-7.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time for NFV (v. 7)",
          "product_id": "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
        },
        "product_reference": "kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
        "relates_to_product_reference": "7Server-NFV-7.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-0:3.10.0-1160.rt56.1131.el7.src as a component of Red Hat Enterprise Linux for Real Time (v. 7)",
          "product_id": "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src"
        },
        "product_reference": "kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
        "relates_to_product_reference": "7Server-RT-7.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time (v. 7)",
          "product_id": "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64"
        },
        "product_reference": "kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
        "relates_to_product_reference": "7Server-RT-7.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time (v. 7)",
          "product_id": "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64"
        },
        "product_reference": "kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
        "relates_to_product_reference": "7Server-RT-7.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time (v. 7)",
          "product_id": "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
        },
        "product_reference": "kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
        "relates_to_product_reference": "7Server-RT-7.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time (v. 7)",
          "product_id": "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64"
        },
        "product_reference": "kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
        "relates_to_product_reference": "7Server-RT-7.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time (v. 7)",
          "product_id": "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64"
        },
        "product_reference": "kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
        "relates_to_product_reference": "7Server-RT-7.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time (v. 7)",
          "product_id": "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
        },
        "product_reference": "kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
        "relates_to_product_reference": "7Server-RT-7.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time (v. 7)",
          "product_id": "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
        },
        "product_reference": "kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
        "relates_to_product_reference": "7Server-RT-7.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time (v. 7)",
          "product_id": "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64"
        },
        "product_reference": "kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
        "relates_to_product_reference": "7Server-RT-7.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time (v. 7)",
          "product_id": "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64"
        },
        "product_reference": "kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
        "relates_to_product_reference": "7Server-RT-7.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch as a component of Red Hat Enterprise Linux for Real Time (v. 7)",
          "product_id": "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch"
        },
        "product_reference": "kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
        "relates_to_product_reference": "7Server-RT-7.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time (v. 7)",
          "product_id": "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64"
        },
        "product_reference": "kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
        "relates_to_product_reference": "7Server-RT-7.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time (v. 7)",
          "product_id": "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
        },
        "product_reference": "kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
        "relates_to_product_reference": "7Server-RT-7.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time (v. 7)",
          "product_id": "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64"
        },
        "product_reference": "kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
        "relates_to_product_reference": "7Server-RT-7.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time (v. 7)",
          "product_id": "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
        },
        "product_reference": "kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
        "relates_to_product_reference": "7Server-RT-7.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time (v. 7)",
          "product_id": "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64"
        },
        "product_reference": "kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
        "relates_to_product_reference": "7Server-RT-7.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time (v. 7)",
          "product_id": "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64"
        },
        "product_reference": "kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
        "relates_to_product_reference": "7Server-RT-7.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time (v. 7)",
          "product_id": "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
        },
        "product_reference": "kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
        "relates_to_product_reference": "7Server-RT-7.9"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2017-18551",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "discovery_date": "2019-08-19T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1757368"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "An out of bounds (OOB) memory access flaw was found in i2c_smbus_xfer_emulated in drivers/i2c/i2c-core-smbus.c in I2C subsystem. A read request for length (data-\u003eblock[0]) greater than \u0027I2C_SMBUS_BLOCK_MAX + 1\u0027 may cause underlying I2C driver write out of array\u0027s boundary. This could allow a local attacker with special user privilege (or root) to crash the system or leak kernel internal information.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "kernel: out of bounds write in function i2c_smbus_xfer_emulated in drivers/i2c/i2c-core-smbus.c",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
          "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
          "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
          "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
          "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2017-18551"
        },
        {
          "category": "external",
          "summary": "RHBZ#1757368",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1757368"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2017-18551",
          "url": "https://www.cve.org/CVERecord?id=CVE-2017-18551"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-18551",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-18551"
        }
      ],
      "release_date": "2019-08-18T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-09-29T19:00:01+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
          "product_ids": [
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:4062"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "kernel: out of bounds write in function i2c_smbus_xfer_emulated in drivers/i2c/i2c-core-smbus.c"
    },
    {
      "cve": "CVE-2018-20836",
      "cwe": {
        "id": "CWE-366",
        "name": "Race Condition within a Thread"
      },
      "discovery_date": "2019-05-08T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1707796"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Linux kernel\u2019s implementation of the SAS expander subsystem, where a race condition exists in the smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c. An attacker could abuse this flaw to corrupt memory and escalate privileges.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "kernel: race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c leads to use-after-free",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
          "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
          "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
          "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
          "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2018-20836"
        },
        {
          "category": "external",
          "summary": "RHBZ#1707796",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1707796"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2018-20836",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-20836"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-20836",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-20836"
        }
      ],
      "release_date": "2018-09-25T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-09-29T19:00:01+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
          "product_ids": [
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:4062"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.0,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "kernel: race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c leads to use-after-free"
    },
    {
      "cve": "CVE-2019-9454",
      "cwe": {
        "id": "CWE-119",
        "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
      },
      "discovery_date": "2019-09-09T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1818818"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "An out-of-bounds write flaw was found in the i2c driver in the Linux kernel. This flaw allows an attacker to escalate privileges with system execution privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "kernel: out of bounds write in i2c driver leads to local escalation of privilege",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
          "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
          "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
          "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
          "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2019-9454"
        },
        {
          "category": "external",
          "summary": "RHBZ#1818818",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1818818"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2019-9454",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-9454"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-9454",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9454"
        }
      ],
      "release_date": "2019-09-03T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-09-29T19:00:01+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
          "product_ids": [
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:4062"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "kernel: out of bounds write in i2c driver leads to local escalation of privilege"
    },
    {
      "cve": "CVE-2019-9458",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "discovery_date": "2019-09-07T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1819377"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Linux kernel\u0027s video driver. A race condition, leading to a use-after-free, could lead to a local privilege escalation. User interaction is not needed for exploitation.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "kernel: use after free due to race condition in the video driver leads to local privilege escalation",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This issue is rated as having Moderate impact, because of the need of additional privileges (usually local console user) to access the video device driver.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
          "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
          "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
          "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
          "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2019-9458"
        },
        {
          "category": "external",
          "summary": "RHBZ#1819377",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1819377"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2019-9458",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-9458"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-9458",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9458"
        }
      ],
      "release_date": "2019-09-03T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-09-29T19:00:01+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
          "product_ids": [
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:4062"
        },
        {
          "category": "workaround",
          "details": "To mitigate this issue, prevent modules v4l2-common, v4l2-dv-timings from being loaded if not being used for primary display. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically.",
          "product_ids": [
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.0,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "kernel: use after free due to race condition in the video driver leads to local privilege escalation"
    },
    {
      "cve": "CVE-2019-15217",
      "cwe": {
        "id": "CWE-476",
        "name": "NULL Pointer Dereference"
      },
      "discovery_date": "2019-08-26T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1745528"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in the Linux kernel. The Zr364xx USB device driver is susceptible to malicious USB devices. An attacker able to add a specific USB device could cause a crash leading to a denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "kernel: null pointer dereference in drivers/media/usb/zr364xx/zr364xx.c driver",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
          "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
          "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
          "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
          "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2019-15217"
        },
        {
          "category": "external",
          "summary": "RHBZ#1745528",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1745528"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2019-15217",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-15217"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-15217",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15217"
        }
      ],
      "release_date": "2019-08-19T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-09-29T19:00:01+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
          "product_ids": [
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:4062"
        },
        {
          "category": "workaround",
          "details": "To mitigate this issue, prevent module zr364xx from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically.",
          "product_ids": [
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "PHYSICAL",
            "availabilityImpact": "HIGH",
            "baseScore": 4.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "kernel: null pointer dereference in drivers/media/usb/zr364xx/zr364xx.c driver"
    },
    {
      "cve": "CVE-2019-15807",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2019-08-29T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1747216"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A memory leak flaw was found in the Linux kernel. An error in the resource cleanup of the sas_ex_discover_expander function can allow an attacker to induce error conditions that could crash the system. The highest threat from this vulnerability is to system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "kernel: Memory leak in drivers/scsi/libsas/sas_expander.c",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This issue is rated as having Low impact because of the preconditions needed to trigger the error/resource cleanup code path (system-wide out-of-memory condition, high privileges or physical access).",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
          "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
          "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
          "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
          "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2019-15807"
        },
        {
          "category": "external",
          "summary": "RHBZ#1747216",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1747216"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2019-15807",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-15807"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-15807",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15807"
        }
      ],
      "release_date": "2019-08-29T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-09-29T19:00:01+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
          "product_ids": [
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:4062"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "kernel: Memory leak in drivers/scsi/libsas/sas_expander.c"
    },
    {
      "cve": "CVE-2019-15917",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "discovery_date": "2019-10-09T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1760100"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Linux kernel\u0027s implementation of the HCI UART driver. A local attacker with access permissions to the Bluetooth device can issue an ioctl, which triggers the hci_uart_set_proto() function in drivers/bluetooth/hci_ldisc.c. The flaw in this function can cause memory corruption or a denial of service because of a use-after-free issue when the hci_uart_register_dev() fails.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "kernel: use-after-free in drivers/bluetooth/hci_ldisc.c",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This flaw is rated as a Moderate as it requires the local attacker to have permissions to issue ioctl commands to the bluetooth device and bluetooth hardware to be present.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
          "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
          "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
          "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
          "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2019-15917"
        },
        {
          "category": "external",
          "summary": "RHBZ#1760100",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1760100"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2019-15917",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-15917"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-15917",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15917"
        }
      ],
      "release_date": "2019-09-04T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-09-29T19:00:01+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
          "product_ids": [
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:4062"
        },
        {
          "category": "workaround",
          "details": "To mitigate this issue, prevent module hci_uart from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically.",
          "product_ids": [
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.0,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "kernel: use-after-free in drivers/bluetooth/hci_ldisc.c"
    },
    {
      "cve": "CVE-2019-16231",
      "cwe": {
        "id": "CWE-476",
        "name": "NULL Pointer Dereference"
      },
      "discovery_date": "2019-10-10T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1760310"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Linux kernel. A NULL pointer dereference flaw was found in the FUJITSU Extended Socket Network driver. A call to the alloc_workqueue return was not validated and causes a denial of service at the time of failure. The highest threat from this vulnerability is to system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "kernel: null-pointer dereference in drivers/net/fjes/fjes_main.c",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
          "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
          "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
          "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
          "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2019-16231"
        },
        {
          "category": "external",
          "summary": "RHBZ#1760310",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1760310"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2019-16231",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-16231"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-16231",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16231"
        },
        {
          "category": "external",
          "summary": "https://lkml.org/lkml/2019/9/9/487",
          "url": "https://lkml.org/lkml/2019/9/9/487"
        },
        {
          "category": "external",
          "summary": "https://security.netapp.com/advisory/ntap-20191004-0001/",
          "url": "https://security.netapp.com/advisory/ntap-20191004-0001/"
        }
      ],
      "release_date": "2019-09-11T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-09-29T19:00:01+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
          "product_ids": [
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:4062"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 4.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "kernel: null-pointer dereference in drivers/net/fjes/fjes_main.c"
    },
    {
      "cve": "CVE-2019-16233",
      "cwe": {
        "id": "CWE-476",
        "name": "NULL Pointer Dereference"
      },
      "discovery_date": "2019-10-10T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1760420"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Linux kernel. A NULL pointer dereference flaw was found in the QLOGIC drivers for HBA. A call to alloc_workqueue return was not validated and can cause a denial of service. The highest threat from this vulnerability is to system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "kernel: null pointer dereference in drivers/scsi/qla2xxx/qla_os.c",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
          "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
          "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
          "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
          "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2019-16233"
        },
        {
          "category": "external",
          "summary": "RHBZ#1760420",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1760420"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2019-16233",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-16233"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-16233",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16233"
        },
        {
          "category": "external",
          "summary": "https://lkml.org/lkml/2019/9/9/487",
          "url": "https://lkml.org/lkml/2019/9/9/487"
        }
      ],
      "release_date": "2019-09-09T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-09-29T19:00:01+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
          "product_ids": [
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:4062"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 4.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "kernel: null pointer dereference in drivers/scsi/qla2xxx/qla_os.c"
    },
    {
      "cve": "CVE-2019-16994",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2019-09-30T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1759681"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the way the sit_init_net function in the Linux kernel handled resource cleanup on errors. This flaw allows an attacker to use the error conditions to crash the system.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "kernel: Memory leak in sit_init_net() in net/ipv6/sit.c",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This issue is rated as having Low impact because of the preconditions needed to trigger the error/resource cleanup code path (system-wide out-of-memory condition, high privileges or physical access).",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
          "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
          "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
          "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
          "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2019-16994"
        },
        {
          "category": "external",
          "summary": "RHBZ#1759681",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1759681"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2019-16994",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-16994"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-16994",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16994"
        }
      ],
      "release_date": "2019-09-30T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-09-29T19:00:01+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
          "product_ids": [
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:4062"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "kernel: Memory leak in sit_init_net() in net/ipv6/sit.c"
    },
    {
      "cve": "CVE-2019-17053",
      "cwe": {
        "id": "CWE-250",
        "name": "Execution with Unnecessary Privileges"
      },
      "discovery_date": "2019-10-03T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1758242"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was discovered in the Linux kernel\u0027s AF_IEEE802154 networking module where permissions checks are not enforced. This can allow an unprivileged user to create raw sockets for this protocol leading to the potential for data leaks or system unavailability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "kernel: unprivileged users able to create RAW sockets in AF_IEEE802154 network protocol",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This flaw is rated as moderate; there are no known exploits using this mechanism as an attack surface against the system affected by this bug.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
          "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
          "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
          "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
          "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2019-17053"
        },
        {
          "category": "external",
          "summary": "RHBZ#1758242",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1758242"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2019-17053",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-17053"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-17053",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-17053"
        }
      ],
      "release_date": "2019-09-20T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-09-29T19:00:01+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
          "product_ids": [
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:4062"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 4.0,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "kernel: unprivileged users able to create RAW sockets in AF_IEEE802154 network protocol"
    },
    {
      "cve": "CVE-2019-17055",
      "cwe": {
        "id": "CWE-250",
        "name": "Execution with Unnecessary Privileges"
      },
      "discovery_date": "2019-10-03T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1758248"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in the Linux kernel\u2019s implementation of the AF_ISDN protocol, which does not enforce the CAP_NET_RAW capability. This flaw can allow unprivileged users to create a raw socket for this protocol. This could further allow the user to control the availability of an existing ISDN circuit.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "kernel: unprivileged users able to create RAW sockets in AF_ISDN network protocol",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
          "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
          "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
          "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
          "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2019-17055"
        },
        {
          "category": "external",
          "summary": "RHBZ#1758248",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1758248"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2019-17055",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-17055"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-17055",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-17055"
        }
      ],
      "release_date": "2019-09-20T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-09-29T19:00:01+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
          "product_ids": [
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:4062"
        },
        {
          "category": "workaround",
          "details": "At this time the only known way to \u0027mitigate\u0027 this flaw is to blacklist the kernel module from being loaded. Creating raw sockets with this protocol is a method of communicating with ISDN hardware, a technology that is becoming less and less common.\n\nCheck https://access.redhat.com/solutions/41278 for instructions on how to disable the mISDN_core.ko module.",
          "product_ids": [
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 4.0,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "kernel: unprivileged users able to create RAW sockets in AF_ISDN network protocol"
    },
    {
      "cve": "CVE-2019-18808",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2019-11-18T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1777418"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the AMD Cryptographic Co-processor driver in the Linux kernel. An attacker, able to send invalid SHA type commands, could cause the system to crash. The highest threat from this vulnerability is to system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "kernel: memory leak in ccp_run_sha_cmd() function in drivers/crypto/ccp/ccp-ops.c",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This issue is rated as having Moderate impact because it affects only specific hardware enabled systems.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
          "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
          "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
          "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
          "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2019-18808"
        },
        {
          "category": "external",
          "summary": "RHBZ#1777418",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1777418"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2019-18808",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-18808"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-18808",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-18808"
        }
      ],
      "release_date": "2019-11-18T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-09-29T19:00:01+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
          "product_ids": [
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:4062"
        },
        {
          "category": "workaround",
          "details": "In order to mitigate this issue it is possible to prevent the affected code from being loaded by blacklisting the kernel module ccp. For instructions relating to how to blacklist a kernel module refer to: https://access.redhat.com/solutions/41278",
          "product_ids": [
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "kernel: memory leak in ccp_run_sha_cmd() function in drivers/crypto/ccp/ccp-ops.c"
    },
    {
      "cve": "CVE-2019-19046",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2019-11-18T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1774988"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A memory leak problem was found in __ipmi_bmc_register in drivers/char/ipmi/ipmi_msghandler.c in Intelligent Platform Management Interface (IPMI) which is used for incoming and outgoing message routing purpose. This flaw may allow an attacker with minimal privilege to cause a denial of service by triggering ida_simple_get() failure.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "kernel: Denial Of Service in the __ipmi_bmc_register() function in drivers/char/ipmi/ipmi_msghandler.c",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
          "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
          "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
          "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
          "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2019-19046"
        },
        {
          "category": "external",
          "summary": "RHBZ#1774988",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1774988"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2019-19046",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-19046"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-19046",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19046"
        }
      ],
      "release_date": "2019-11-18T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-09-29T19:00:01+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
          "product_ids": [
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:4062"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "kernel: Denial Of Service in the __ipmi_bmc_register() function in drivers/char/ipmi/ipmi_msghandler.c"
    },
    {
      "cve": "CVE-2019-19055",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2019-11-20T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1775074"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Linux kernel. The Wireless configuration API functionality mishandles resource cleanup in nl80211_get_ftm_responder_stats function. An attacker able to trigger the resource cleanup code path could use this flaw to crash the system. The highest threat from this vulnerability is to system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "kernel: memory leak in the nl80211_get_ftm_responder_stats() function in net/wireless/nl80211.c allows DoS",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This issue is rated as having Moderate impact because of the preconditions needed to trigger the resource cleanup code path.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
          "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
          "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
          "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
          "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2019-19055"
        },
        {
          "category": "external",
          "summary": "RHBZ#1775074",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1775074"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2019-19055",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-19055"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-19055",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19055"
        }
      ],
      "release_date": "2019-10-05T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-09-29T19:00:01+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
          "product_ids": [
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:4062"
        },
        {
          "category": "workaround",
          "details": "In order to mitigate this issue it is possible to prevent the affected code from being loaded by blacklisting the kernel module cfg80211. For instructions relating to how to blacklist a kernel module refer to: https://access.redhat.com/solutions/41278 .",
          "product_ids": [
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "kernel: memory leak in the nl80211_get_ftm_responder_stats() function in net/wireless/nl80211.c allows DoS"
    },
    {
      "cve": "CVE-2019-19058",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2019-11-18T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1775047"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Linux kernel. The Intel Wireless WiFi MVM Firmware driver mishandles resource cleanup during device coredump. An attacker able to trigger the device coredump and system-wide out of memory conditions at the same time could use this flaw to crash the system. The highest threat from this vulnerability is to system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "kernel: A memory leak in the alloc_sgtable() function in drivers/net/wireless/intel/iwlwifi/fw/dbg.c allows for a DoS",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This issue is rated as having Low impact because of the preconditions needed to trigger the resource cleanup code path (system-wide out-of-memory condition).",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
          "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
          "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
          "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
          "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2019-19058"
        },
        {
          "category": "external",
          "summary": "RHBZ#1775047",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1775047"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2019-19058",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-19058"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-19058",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19058"
        }
      ],
      "release_date": "2019-11-21T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-09-29T19:00:01+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
          "product_ids": [
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:4062"
        },
        {
          "category": "workaround",
          "details": "In order to mitigate this issue it is possible to prevent the affected code from being loaded by blacklisting the kernel module iwlmvm. For instructions relating to how to blacklist a kernel module refer to: https://access.redhat.com/solutions/41278 .",
          "product_ids": [
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "kernel: A memory leak in the alloc_sgtable() function in drivers/net/wireless/intel/iwlwifi/fw/dbg.c allows for a DoS"
    },
    {
      "cve": "CVE-2019-19059",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2019-11-18T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1775042"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the way the Intel Wireless driver in the Linux kernel handled resource cleanup during Gen 3 device initialization. This flaw allows an attacker with the ability to restrict access to DMA coherent memory on device initialization, to crash the system.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "kernel: Multiple memory leaks in the iwl_pcie_ctxt_info_gen3_init() function in drivers/net/wireless/intel/iwlwifi/pcie/ctxt-info-gen3.c allows for a DoS",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This issue is rated as having Low impact because of the preconditions needed to trigger the resource cleanup code path (ability to restrict access to dma coherent memory on device initialization).",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
          "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
          "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
          "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
          "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2019-19059"
        },
        {
          "category": "external",
          "summary": "RHBZ#1775042",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1775042"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2019-19059",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-19059"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-19059",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19059"
        }
      ],
      "release_date": "2019-11-21T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-09-29T19:00:01+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
          "product_ids": [
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:4062"
        },
        {
          "category": "workaround",
          "details": "In order to mitigate this issue it is possible to prevent the affected code from being loaded by blacklisting the kernel module iwlwifi. For instructions relating to how to blacklist a kernel module refer to: https://access.redhat.com/solutions/41278 .",
          "product_ids": [
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "kernel: Multiple memory leaks in the iwl_pcie_ctxt_info_gen3_init() function in drivers/net/wireless/intel/iwlwifi/pcie/ctxt-info-gen3.c allows for a DoS"
    },
    {
      "cve": "CVE-2019-19062",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2019-11-18T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1775021"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Linux kernel. The crypto_report function mishandles resource cleanup on error. A local attacker able to induce the error conditions could use this flaw to crash the system. The highest threat from this vulnerability is to system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "kernel: memory leak in the crypto_report() function in crypto/crypto_user_base.c allows for DoS",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This issue is rated as having Low impact because of the preconditions needed to trigger the error cleanup code path.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
          "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
          "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
          "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
          "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2019-19062"
        },
        {
          "category": "external",
          "summary": "RHBZ#1775021",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1775021"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2019-19062",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-19062"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-19062",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19062"
        }
      ],
      "release_date": "2019-11-21T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-09-29T19:00:01+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
          "product_ids": [
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:4062"
        },
        {
          "category": "workaround",
          "details": "In order to mitigate this issue it is possible to prevent the affected code from being loaded by blacklisting the kernel module crypto_user. For instructions relating to how to blacklist a kernel module refer to: https://access.redhat.com/solutions/41278 .",
          "product_ids": [
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "kernel: memory leak in the crypto_report() function in crypto/crypto_user_base.c allows for DoS"
    },
    {
      "cve": "CVE-2019-19063",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2019-11-18T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1775015"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Linux kernel. The rtl_usb_probe function mishandles resource cleanup on error. An attacker able to induce the error conditions could use this flaw to crash the system. The highest threat from this vulnerability is to system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "kernel: Two memory leaks in the rtl_usb_probe() function in drivers/net/wireless/realtek/rtlwifi/usb.c allow for a DoS",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This issue is rated as having Low impact because of the preconditions needed to trigger the resource cleanup code path (physical access).",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
          "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
          "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
          "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
          "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2019-19063"
        },
        {
          "category": "external",
          "summary": "RHBZ#1775015",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1775015"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2019-19063",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-19063"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-19063",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19063"
        }
      ],
      "release_date": "2019-11-21T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-09-29T19:00:01+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
          "product_ids": [
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:4062"
        },
        {
          "category": "workaround",
          "details": "In order to mitigate this issue it is possible to prevent the affected code from being loaded by blacklisting the kernel module rtl8192cu. For instructions relating to how to blacklist a kernel module refer to: https://access.redhat.com/solutions/41278 .",
          "product_ids": [
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "PHYSICAL",
            "availabilityImpact": "HIGH",
            "baseScore": 4.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "kernel: Two memory leaks in the rtl_usb_probe() function in drivers/net/wireless/realtek/rtlwifi/usb.c allow for a DoS"
    },
    {
      "cve": "CVE-2019-19332",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "discovery_date": "2019-12-04T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1779594"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "An out-of-bounds memory write issue was found in the way the Linux kernel\u0027s KVM hypervisor handled the \u0027KVM_GET_EMULATED_CPUID\u0027 ioctl(2) request to get CPUID features emulated by the KVM hypervisor. A user or process able to access the \u0027/dev/kvm\u0027 device could use this flaw to crash the system, resulting in a denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Kernel: kvm: OOB memory write via kvm_dev_ioctl_get_cpuid",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This issue does not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG 2.\n\nThis issue affects the version of the kernel package as shipped with Red Hat Enterprise Linux 7 and 8. Future kernel updates for Red Hat Enterprise Linux 7 and 8 may address this issue.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
          "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
          "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
          "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
          "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2019-19332"
        },
        {
          "category": "external",
          "summary": "RHBZ#1779594",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1779594"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2019-19332",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-19332"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-19332",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19332"
        },
        {
          "category": "external",
          "summary": "https://lore.kernel.org/kvm/000000000000ea5ec20598d90e50@google.com/",
          "url": "https://lore.kernel.org/kvm/000000000000ea5ec20598d90e50@google.com/"
        },
        {
          "category": "external",
          "summary": "https://www.openwall.com/lists/oss-security/2019/12/16/1",
          "url": "https://www.openwall.com/lists/oss-security/2019/12/16/1"
        }
      ],
      "release_date": "2019-12-03T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-09-29T19:00:01+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
          "product_ids": [
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:4062"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
            "version": "3.0"
          },
          "products": [
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "Kernel: kvm: OOB memory write via kvm_dev_ioctl_get_cpuid"
    },
    {
      "cve": "CVE-2019-19447",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "discovery_date": "2019-12-10T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1781679"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Linux kernel\u0027s ext4_unlink function. An attacker could corrupt memory or escalate privileges when deleting a file from a recently unmounted specially crafted ext4 filesystem, including local, USB, and iSCSI.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "kernel: mounting a crafted ext4 filesystem image, performing some operations, and unmounting can lead to a use-after-free in ext4_put_super in fs/ext4/super.c",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
          "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
          "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
          "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
          "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2019-19447"
        },
        {
          "category": "external",
          "summary": "RHBZ#1781679",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1781679"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2019-19447",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-19447"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-19447",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19447"
        },
        {
          "category": "external",
          "summary": "https://bugzilla.kernel.org/show_bug.cgi?id=205433",
          "url": "https://bugzilla.kernel.org/show_bug.cgi?id=205433"
        },
        {
          "category": "external",
          "summary": "https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19447",
          "url": "https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19447"
        }
      ],
      "release_date": "2019-12-10T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-09-29T19:00:01+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
          "product_ids": [
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:4062"
        },
        {
          "category": "workaround",
          "details": "Ext4 filesytems are built into the kernel so it is not possible to prevent the kernel module from loading.  However, this flaw can be prevented by disallowing mounting of untrusted filesystems.\n\nAs mounting is a privileged operation, (except for device hotplug) removing the ability for mounting and unmounting will prevent this flaw from being exploited.",
          "product_ids": [
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "kernel: mounting a crafted ext4 filesystem image, performing some operations, and unmounting can lead to a use-after-free in ext4_put_super in fs/ext4/super.c"
    },
    {
      "cve": "CVE-2019-19523",
      "cwe": {
        "id": "CWE-476",
        "name": "NULL Pointer Dereference"
      },
      "discovery_date": "2019-12-09T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1783434"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Linux kernel\u2019s implementation for ADU devices from Ontrak Control Systems, where an attacker with administrative privileges and access to a local account could pre-groom the memory and physically disconnect or unload a module. The attacker must be able to access either of these two events to trigger the use-after-free, and then race the access to the use-after-free, to create a situation where key USB structs can be manipulated into corrupting memory.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "kernel: use-after-free caused by a malicious USB device in the drivers/usb/misc/adutux.c driver",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
          "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
          "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
          "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
          "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2019-19523"
        },
        {
          "category": "external",
          "summary": "RHBZ#1783434",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1783434"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2019-19523",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-19523"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-19523",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19523"
        }
      ],
      "release_date": "2019-10-04T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-09-29T19:00:01+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
          "product_ids": [
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:4062"
        },
        {
          "category": "workaround",
          "details": "As the system module will be auto-loaded when a device that uses the driver is attached (via USB), its use can be disabled  by preventing the module from loading with the following instructions:\n\n# echo \"install adutux /bin/true\" \u003e\u003e /etc/modprobe.d/disable-adutux.conf\n \nThe system will need to be restarted if the adutux module are loaded. In most circumstances, the kernel modules will be unable to be unloaded while any hardware is in use.\n\nIf the system requires this module to work correctly, this mitigation may not be suitable.\n\nIf you need further assistance, see KCS article https://access.redhat.com/solutions/41278 or contact Red Hat Global Support Services.",
          "product_ids": [
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "kernel: use-after-free caused by a malicious USB device in the drivers/usb/misc/adutux.c driver"
    },
    {
      "cve": "CVE-2019-19524",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "discovery_date": "2019-12-04T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1783459"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A use-after-free flaw was found in the Linux kernel\u2019s input device driver functionality when unplugging a device. A user with physical access could use this flaw to crash the system.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "kernel: a malicious USB device in the drivers/input/ff-memless.c leads to use-after-free",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
          "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
          "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
          "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
          "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2019-19524"
        },
        {
          "category": "external",
          "summary": "RHBZ#1783459",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1783459"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2019-19524",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-19524"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-19524",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19524"
        }
      ],
      "release_date": "2019-11-15T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-09-29T19:00:01+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
          "product_ids": [
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:4062"
        },
        {
          "category": "workaround",
          "details": "To mitigate this issue for the Red Hat Enterprise Linux 7 or higher version, prevent module ff-memless from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically.",
          "product_ids": [
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "PHYSICAL",
            "availabilityImpact": "HIGH",
            "baseScore": 4.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "kernel: a malicious USB device in the drivers/input/ff-memless.c leads to use-after-free"
    },
    {
      "cve": "CVE-2019-19530",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "discovery_date": "2019-12-03T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1783518"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A use-after-free flaw was found in the acm_probe USB subsystem in the Linux kernel. A race condition occurs when a destroy() procedure is initiated allowing the refcount to decrement on the interface so early that it is never under counted. A malicious USB device is required for exploit. System availability is the largest threat from the vulnerability, however data integrity and confidentiality are also threatened.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "kernel: use-after-free caused by a malicious USB device in the drivers/usb/class/cdc-acm.c driver",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
          "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
          "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
          "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
          "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2019-19530"
        },
        {
          "category": "external",
          "summary": "RHBZ#1783518",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1783518"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2019-19530",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-19530"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-19530",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19530"
        },
        {
          "category": "external",
          "summary": "http://seclists.org/oss-sec/2019/q4/115",
          "url": "http://seclists.org/oss-sec/2019/q4/115"
        },
        {
          "category": "external",
          "summary": "http://www.openwall.com/lists/oss-security/2019/12/03/4",
          "url": "http://www.openwall.com/lists/oss-security/2019/12/03/4"
        },
        {
          "category": "external",
          "summary": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2.10",
          "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2.10"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c52873e5a1ef72f845526d9f6a50704433f9c625",
          "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c52873e5a1ef72f845526d9f6a50704433f9c625"
        }
      ],
      "release_date": "2019-08-15T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-09-29T19:00:01+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
          "product_ids": [
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:4062"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "PHYSICAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
            "version": "3.1"
          },
          "products": [
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "kernel: use-after-free caused by a malicious USB device in the drivers/usb/class/cdc-acm.c driver"
    },
    {
      "cve": "CVE-2019-19534",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2019-12-04T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1783540"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "An information-leak flaw was found in the Linux kernel\u0027s pcan USB driver. When a device using this driver connects to the system, the stack information is leaked to the CAN bus, a controller area network for automobiles. The highest threat with this vulnerability is breach of data confidentiality.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "kernel: information leak bug caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_core.c driver",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
          "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
          "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
          "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
          "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2019-19534"
        },
        {
          "category": "external",
          "summary": "RHBZ#1783540",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1783540"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2019-19534",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-19534"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-19534",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19534"
        }
      ],
      "release_date": "2019-11-04T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-09-29T19:00:01+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
          "product_ids": [
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:4062"
        },
        {
          "category": "workaround",
          "details": "As the devices module will be auto-loaded when the USB CAN bus adapter is connected, its can be disabled by preventing the module from loading with the following instructions:\n\n# echo \"install peak_usb /bin/true\" \u003e\u003e /etc/modprobe.d/disable-peak-usb-canbus.conf \n \nThe system will need to be restarted if the peak_usb module is already loaded. In most circumstances, the kernel modules will be unable to be unloaded while any CAN bus interfaces are active and the protocol is in use. If the system requires this module to work correctly, this mitigation may not be suitable. If you need further assistance, see KCS article https://access.redhat.com/solutions/41278 or contact Red Hat Global Support Services.",
          "product_ids": [
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "PHYSICAL",
            "availabilityImpact": "NONE",
            "baseScore": 4.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "kernel: information leak bug caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_core.c driver"
    },
    {
      "cve": "CVE-2019-19537",
      "cwe": {
        "id": "CWE-362",
        "name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
      },
      "discovery_date": "2019-12-03T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1783561"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Linux kernel, where there is a race condition bug that can be caused by a malicious USB device in the USB character device driver layer. An attacker who can hotplug at least two devices of this class can cause a use-after-free situation.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "kernel: race condition caused by a malicious USB device in the USB character device driver layer",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
          "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
          "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
          "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
          "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2019-19537"
        },
        {
          "category": "external",
          "summary": "RHBZ#1783561",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1783561"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2019-19537",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-19537"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-19537",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19537"
        }
      ],
      "release_date": "2019-08-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-09-29T19:00:01+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
          "product_ids": [
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:4062"
        },
        {
          "category": "workaround",
          "details": "Many Character devices can trigger this flaw as they leverage the lower levels of the USB subsystem.\n\nThe safest method that I have found would be to disable USB ports that are able to be attacked\nusing this method, disable them first by disallowing them from waking up from low-power states \nwith the command (Replace X with the port number available).\n\necho disabled \u003e\u003e /sys/bus/usb/devices/usbX/power/wakeup \n\nThe system must also disable the specific ports power after with the command:\n\necho suspend | sudo tee /sys/bus/usb/devices/usbX/power/level\n\nThis change not persist through system reboots and must be applied at each reboot to be effective.",
          "product_ids": [
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "PHYSICAL",
            "availabilityImpact": "HIGH",
            "baseScore": 4.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "kernel: race condition caused by a malicious USB device in the USB character device driver layer"
    },
    {
      "cve": "CVE-2019-19767",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "discovery_date": "2019-12-23T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1786160"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A use-after-free flaw was found in the Linux kernel\u2019s ext4 file system functionality when the user mount ext4 partition, with the usage of an additional debug parameter is defining an extra inode size. If this parameter has a non zero value, this flaw allows a local user to crash the system when inode expansion happens.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "kernel: use-after-free in __ext4_expand_extra_isize and ext4_xattr_set_entry related to fs/ext4/inode.c and fs/ext4/super.c",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
          "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
          "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
          "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
          "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2019-19767"
        },
        {
          "category": "external",
          "summary": "RHBZ#1786160",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1786160"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2019-19767",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-19767"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-19767",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19767"
        }
      ],
      "release_date": "2019-11-07T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-09-29T19:00:01+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
          "product_ids": [
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:4062"
        },
        {
          "category": "workaround",
          "details": "The mitigation is not to use debug_want_extra_isize parameter when mounting ext4 FS.",
          "product_ids": [
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "kernel: use-after-free in __ext4_expand_extra_isize and ext4_xattr_set_entry related to fs/ext4/inode.c and fs/ext4/super.c"
    },
    {
      "cve": "CVE-2019-19807",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "discovery_date": "2019-12-16T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1786078"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A memory flaw was found in the ALSA subsystem of the Linux kernel. The struct snd_timer_instance function fails the timer-\u003emax_instances check leading to an invalid address. This could lead to a use-after-free vulnerability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "kernel: use-after-free in sound/core/timer.c",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This issue affected Linux kernel versions as shipped with Red Hat Enterprise Linux 8 starting with RHEL-8.1.0, that is Red Hat Enterprise Linux 8.1 GA kernel version.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
          "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
          "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
          "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
          "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2019-19807"
        },
        {
          "category": "external",
          "summary": "RHBZ#1786078",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1786078"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2019-19807",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-19807"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-19807",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19807"
        }
      ],
      "release_date": "2019-11-06T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-09-29T19:00:01+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
          "product_ids": [
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:4062"
        },
        {
          "category": "workaround",
          "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update as soon as possible.",
          "product_ids": [
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "kernel: use-after-free in sound/core/timer.c"
    },
    {
      "cve": "CVE-2019-20054",
      "cwe": {
        "id": "CWE-119",
        "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
      },
      "discovery_date": "2019-12-28T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1790063"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Linux kernel\u2019s implementation of dropping sysctl entries. A local attacker who has access to load modules on the system can trigger a condition during module load failure and panic the system.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "kernel: Null pointer dereference in drop_sysctl_table() in fs/proc/proc_sysctl.c",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
          "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
          "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
          "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
          "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2019-20054"
        },
        {
          "category": "external",
          "summary": "RHBZ#1790063",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1790063"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2019-20054",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-20054"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-20054",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-20054"
        }
      ],
      "release_date": "2019-12-28T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-09-29T19:00:01+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
          "product_ids": [
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:4062"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "kernel: Null pointer dereference in drop_sysctl_table() in fs/proc/proc_sysctl.c"
    },
    {
      "cve": "CVE-2019-20095",
      "cwe": {
        "id": "CWE-772",
        "name": "Missing Release of Resource after Effective Lifetime"
      },
      "discovery_date": "2020-01-16T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1791954"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Linux kernel\u0027s mwifiex driver implementation when connecting to other WiFi devices in \"Test Mode.\" A kernel memory leak can occur if an error condition is met during the parameter negotiation. This issue can lead to a denial of service if multiple error conditions meeting the repeated connection attempts are attempted.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "kernel: memory leak in mwifiex_tm_cmd in drivers/net/wireless/marvell/mwifiex/cfg80211.c",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
          "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
          "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
          "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
          "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2019-20095"
        },
        {
          "category": "external",
          "summary": "RHBZ#1791954",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1791954"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2019-20095",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-20095"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-20095",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-20095"
        }
      ],
      "release_date": "2019-12-30T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-09-29T19:00:01+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
          "product_ids": [
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:4062"
        },
        {
          "category": "workaround",
          "details": "As connecting to a wireless device is not automatic and initiated by a user, not connecting to rogue access points would prevent this flaw from being abused.",
          "product_ids": [
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 5.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "kernel: memory leak in mwifiex_tm_cmd in drivers/net/wireless/marvell/mwifiex/cfg80211.c"
    },
    {
      "cve": "CVE-2019-20636",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "discovery_date": "2020-04-08T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1824059"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "An out-of-bounds write flaw was found in the Linux kernel. A crafted keycode table could be used by drivers/input/input.c to perform the out-of-bounds write. A local user with root access can insert garbage to this keycode table that can lead to out-of-bounds memory access. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "kernel: out-of-bounds write via crafted keycode table",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This issue was rated as having Moderate impact because of the need of physical access or administrator privileges to trigger it.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
          "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
          "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
          "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
          "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2019-20636"
        },
        {
          "category": "external",
          "summary": "RHBZ#1824059",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1824059"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2019-20636",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-20636"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-20636",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-20636"
        }
      ],
      "release_date": "2020-04-04T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-09-29T19:00:01+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
          "product_ids": [
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:4062"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "kernel: out-of-bounds write via crafted keycode table"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Xiumei Mu"
          ],
          "organization": "Red Hat QE Engineering",
          "summary": "This issue was discovered by Red Hat."
        }
      ],
      "cve": "CVE-2020-1749",
      "cwe": {
        "id": "CWE-319",
        "name": "Cleartext Transmission of Sensitive Information"
      },
      "discovery_date": "2020-03-04T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1809833"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Linux kernel\u0027s implementation of some networking protocols in IPsec, such as VXLAN and GENEVE tunnels over IPv6. When an encrypted tunnel is created between two hosts, the kernel isn\u0027t correctly routing tunneled data over the encrypted link; rather sending the data unencrypted. This would allow anyone in between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "kernel: some ipv6 protocols not encrypted over ipsec tunnel",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
          "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
          "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
          "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
          "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-1749"
        },
        {
          "category": "external",
          "summary": "RHBZ#1809833",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1809833"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1749",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-1749"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1749",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1749"
        }
      ],
      "release_date": "2020-03-04T01:29:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-09-29T19:00:01+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
          "product_ids": [
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:4062"
        },
        {
          "category": "workaround",
          "details": "Disabling the IPV6 protocol may be a suitable workaround for systems that do not require the protocol to function correctly, however, if IPV6 is not in use this flaw will not be triggered.",
          "product_ids": [
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "kernel: some ipv6 protocols not encrypted over ipsec tunnel"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Paolo Bonzini"
          ],
          "organization": "Red Hat",
          "summary": "This issue was discovered by Red Hat."
        }
      ],
      "cve": "CVE-2020-2732",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2020-02-14T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1805135"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the way KVM hypervisor handled instruction emulation for the L2 guest when nested(=1) virtualization is enabled. In the instruction emulation, the L2 guest could trick the L0 hypervisor into accessing sensitive bits of the L1 hypervisor. An L2 guest could use this flaw to potentially access information of the L1 hypervisor.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Kernel: kvm: nVMX: L2 guest may trick the L0 hypervisor to access sensitive L1 resources",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
          "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
          "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
          "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
          "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-2732"
        },
        {
          "category": "external",
          "summary": "RHBZ#1805135",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805135"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-2732",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-2732"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-2732",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-2732"
        }
      ],
      "release_date": "2020-02-24T18:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-09-29T19:00:01+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
          "product_ids": [
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:4062"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "Kernel: kvm: nVMX: L2 guest may trick the L0 hypervisor to access sensitive L1 resources"
    },
    {
      "cve": "CVE-2020-8647",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2020-02-06T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1802563"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Linux kernel\u2019s virtual console resize functionality. An attacker with local access to virtual consoles can use the virtual console resizing code to gather kernel internal data structures.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "kernel: out-of-bounds read in in vc_do_resize function in drivers/tty/vt/vt.c",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This flaw is rated as having Moderate impact because the information leak is limited.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
          "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
          "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
          "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
          "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8647"
        },
        {
          "category": "external",
          "summary": "RHBZ#1802563",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1802563"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8647",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8647"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8647",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8647"
        }
      ],
      "release_date": "2020-01-30T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-09-29T19:00:01+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
          "product_ids": [
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:4062"
        },
        {
          "category": "workaround",
          "details": "The attack vector can be significantly reduced by preventing users from being able to log into the local virtual console.\n\nSee the instructions on disabling local login here: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/managing_smart_cards/pam_configuration_files , See the section on \"pam_console\" to deny users logging into the console.  This mechanism should work from el6 forward to current versions of Red Hat Enterprise Linux.",
          "product_ids": [
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "kernel: out-of-bounds read in in vc_do_resize function in drivers/tty/vt/vt.c"
    },
    {
      "cve": "CVE-2020-8649",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "discovery_date": "2020-02-06T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1802555"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Linux kernel\u2019s implementation of the invert video code on VGA consoles when a local attacker attempts to resize the console. An out-of-bounds read can occur, leaking information to the console.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "kernel: invalid read location in vgacon_invert_region function in drivers/video/console/vgacon.c",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This flaw is rated as a having Moderate impact, it is an infoleak that is written to the screen.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
          "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
          "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
          "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
          "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8649"
        },
        {
          "category": "external",
          "summary": "RHBZ#1802555",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1802555"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8649",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8649"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8649",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8649"
        }
      ],
      "release_date": "2020-01-30T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-09-29T19:00:01+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
          "product_ids": [
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:4062"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "PHYSICAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "kernel: invalid read location in vgacon_invert_region function in drivers/video/console/vgacon.c"
    },
    {
      "cve": "CVE-2020-9383",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "discovery_date": "2020-02-25T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1810685"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "An out-of-bounds (OOB) memory access flaw was found in the floppy driver module in the Linux kernel. A bounds check failure allows a local attacker to gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "kernel: out-of-bounds read in set_fdc in drivers/block/floppy.c",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
          "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
          "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
          "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
          "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-9383"
        },
        {
          "category": "external",
          "summary": "RHBZ#1810685",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1810685"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-9383",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-9383"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-9383",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9383"
        }
      ],
      "release_date": "2020-02-21T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-09-29T19:00:01+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
          "product_ids": [
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:4062"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is to skip loading the affected floppy driver module onto the system till we have a fix available, this can be done by a blacklist mechanism, this will ensure the driver is not loaded at the boot time.\n~~~\nHow do I blacklist a kernel module to prevent it from loading automatically?\nhttps://access.redhat.com/solutions/41278 \n~~~",
          "product_ids": [
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "kernel: out-of-bounds read in set_fdc in drivers/block/floppy.c"
    },
    {
      "cve": "CVE-2020-10690",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "discovery_date": "2019-11-20T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1817141"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "There is a use-after-free problem seen due to a race condition between the release of ptp_clock and cdev while resource deallocation. When a (high privileged) process allocates a ptp device file (like /dev/ptpX) and voluntarily goes to sleep. During this time if the underlying device is removed, it can cause an exploitable condition as the process wakes up to terminate and clean all attached files. The system crashes due to the cdev structure being invalid (as already freed) which is pointed to by the inode.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "kernel: use-after-free in cdev_put() when a PTP device is removed while it\u0027s chardev is open",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This issue is rated as having Low impact as there is a need for high privilege access to trigger this problem. This will need an access to /dev/ptpX which is privileged operation, also removing the module is needed (again, privileged operation).",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
          "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
          "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
          "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
          "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-10690"
        },
        {
          "category": "external",
          "summary": "RHBZ#1817141",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1817141"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10690",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-10690"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10690",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10690"
        }
      ],
      "release_date": "2019-11-25T12:53:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-09-29T19:00:01+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
          "product_ids": [
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:4062"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "kernel: use-after-free in cdev_put() when a PTP device is removed while it\u0027s chardev is open"
    },
    {
      "cve": "CVE-2020-10732",
      "cwe": {
        "id": "CWE-908",
        "name": "Use of Uninitialized Resource"
      },
      "discovery_date": "2020-05-05T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1831399"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Linux kernel\u2019s implementation of Userspace core dumps. This flaw allows an attacker with a local account to crash a trivial program and exfiltrate private kernel data.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "kernel: uninitialized kernel data leak in userspace coredumps",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
          "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
          "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
          "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
          "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-10732"
        },
        {
          "category": "external",
          "summary": "RHBZ#1831399",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1831399"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10732",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-10732"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10732",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10732"
        }
      ],
      "release_date": "2020-05-01T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-09-29T19:00:01+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
          "product_ids": [
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:4062"
        },
        {
          "category": "workaround",
          "details": "Possible mitigation would be to disable core dumps system-wide by setting:\n\n* hard core 0\n\nIn the  /etc/security/limits.conf file and restarting applications/services/processes which users may have access to or simply reboot the system.  This disables core dumps which may not be a suitable workaround in your environment.",
          "product_ids": [
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "kernel: uninitialized kernel data leak in userspace coredumps"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Jay Shin"
          ],
          "organization": "Red Hat",
          "summary": "This issue was discovered by Red Hat."
        }
      ],
      "cve": "CVE-2020-10742",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "discovery_date": "2020-04-23T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1835127"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Linux kernel. An index buffer overflow during Direct IO write leading to the NFS client to crash. In some cases, a reach out of the index after one memory allocation by kmalloc will cause a kernel panic. The highest threat from this vulnerability is to data confidentiality and system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "kernel: NFS client crash due to index buffer overflow during Direct IO write causing kernel panic",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
          "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
          "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
          "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
          "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-10742"
        },
        {
          "category": "external",
          "summary": "RHBZ#1835127",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1835127"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10742",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-10742"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10742",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10742"
        }
      ],
      "release_date": "2020-05-13T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-09-29T19:00:01+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
          "product_ids": [
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:4062"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.0,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "kernel: NFS client crash due to index buffer overflow during Direct IO write causing kernel panic"
    },
    {
      "cve": "CVE-2020-10751",
      "cwe": {
        "id": "CWE-349",
        "name": "Acceptance of Extraneous Untrusted Data With Trusted Data"
      },
      "discovery_date": "2020-05-25T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1839634"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Linux kernel\u2019s SELinux LSM hook implementation, where it anticipated the skb would only contain a single Netlink message. The hook incorrectly validated the first Netlink message in the skb only, to allow or deny the rest of the messages within the skb with the granted permissions and without further processing. At this time, there is no known ability for an attacker to abuse this flaw.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "kernel: SELinux netlink permission check bypass",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
          "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
          "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
          "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
          "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-10751"
        },
        {
          "category": "external",
          "summary": "RHBZ#1839634",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1839634"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10751",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-10751"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10751",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10751"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=fb73974172ffaaf57a7c42f35424d9aece1a5af6",
          "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=fb73974172ffaaf57a7c42f35424d9aece1a5af6"
        },
        {
          "category": "external",
          "summary": "https://lore.kernel.org/selinux/CACT4Y+b8HiV6KFuAPysZD=5hmyO4QisgxCKi4DHU3CfMPSP=yg@mail.gmail.com/",
          "url": "https://lore.kernel.org/selinux/CACT4Y+b8HiV6KFuAPysZD=5hmyO4QisgxCKi4DHU3CfMPSP=yg@mail.gmail.com/"
        },
        {
          "category": "external",
          "summary": "https://www.openwall.com/lists/oss-security/2020/04/30/5",
          "url": "https://www.openwall.com/lists/oss-security/2020/04/30/5"
        }
      ],
      "release_date": "2020-04-27T14:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-09-29T19:00:01+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
          "product_ids": [
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:4062"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "kernel: SELinux netlink permission check bypass"
    },
    {
      "cve": "CVE-2020-10942",
      "cwe": {
        "id": "CWE-119",
        "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
      },
      "discovery_date": "2020-03-24T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1817718"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A stack buffer overflow issue was found in the get_raw_socket() routine of the Host kernel accelerator for virtio net (vhost-net) driver. It could occur while doing an ictol(VHOST_NET_SET_BACKEND) call, and retrieving socket name in a kernel stack variable via get_raw_socket(). A user able to perform ioctl(2) calls on the \u0027/dev/vhost-net\u0027 device may use this flaw to crash the kernel resulting in DoS issue.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "kernel: vhost-net: stack overflow in get_raw_socket while checking sk_family field",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This issue does not affect the kernel package as shipped with the Red Hat Enterprise Linux 5 and Red Hat Enterprise MRG 2.\nThis issue affects the kernel package as shipped with the Red Hat Enterprise Linux 6, 7 and 8. Future kernel updates for Red Hat Enterprise Linux 6, 7 and 8 may address this issue.\n\nIt is rated to have Low impact because it is quite difficult/unlikely to be triggered by a guest (or even host) user. In case it does happen, like in the upstream report, the stack overflow shall hit the stack canaries, resulting in DoS by crashing the kernel.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
          "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
          "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
          "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
          "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-10942"
        },
        {
          "category": "external",
          "summary": "RHBZ#1817718",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1817718"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10942",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-10942"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10942",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10942"
        }
      ],
      "release_date": "2020-03-22T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-09-29T19:00:01+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
          "product_ids": [
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:4062"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H",
            "version": "3.1"
          },
          "products": [
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "kernel: vhost-net: stack overflow in get_raw_socket while checking sk_family field"
    },
    {
      "cve": "CVE-2020-11565",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "discovery_date": "2020-04-06T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1824918"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "An out-of-bounds write flaw was found in the Linux kernel. An empty nodelist in mempolicy.c is mishandled durig mount option parsing leading to a stack-based out-of-bounds write. The highest threat from this vulnerability is to system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "kernel: out-of-bounds write in mpol_parse_str function in mm/mempolicy.c",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
          "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
          "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
          "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
          "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-11565"
        },
        {
          "category": "external",
          "summary": "RHBZ#1824918",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1824918"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-11565",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-11565"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11565",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11565"
        }
      ],
      "release_date": "2020-04-01T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-09-29T19:00:01+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
          "product_ids": [
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:4062"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.0,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "kernel: out-of-bounds write in mpol_parse_str function in mm/mempolicy.c"
    },
    {
      "cve": "CVE-2020-12770",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "discovery_date": "2020-05-09T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1834845"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in sg_write in drivers/scsi/sg.c in the SCSI generic (sg) driver subsystem. This flaw allows an attacker with local access and special user or root privileges to cause a denial of service if the allocated list is not cleaned with an invalid (Sg_fd * sfp) pointer at the time of failure, also possibly causing a kernel internal information leak problem.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "kernel: sg_write function lacks an sg_remove_request call in a certain failure case",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
          "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
          "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
          "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
          "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-12770"
        },
        {
          "category": "external",
          "summary": "RHBZ#1834845",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1834845"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-12770",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-12770"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-12770",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-12770"
        }
      ],
      "release_date": "2020-04-14T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-09-29T19:00:01+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
          "product_ids": [
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:4062"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "kernel: sg_write function lacks an sg_remove_request call in a certain failure case"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Adam Zabrocki"
          ]
        }
      ],
      "cve": "CVE-2020-12826",
      "cwe": {
        "id": "CWE-94",
        "name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
      },
      "discovery_date": "2020-03-27T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1822077"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Linux kernel loose validation of child/parent process identification handling while filtering signal handlers.  A local attacker is able to abuse this flaw to bypass checks to send any signal to a privileged process.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "kernel: possible to send arbitrary signals to a privileged (suidroot) parent process",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
          "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
          "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
          "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
          "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-12826"
        },
        {
          "category": "external",
          "summary": "RHBZ#1822077",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1822077"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-12826",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-12826"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-12826",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-12826"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d1e7fd6462ca9fc76650fbe6ca800e35b24267da",
          "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d1e7fd6462ca9fc76650fbe6ca800e35b24267da"
        },
        {
          "category": "external",
          "summary": "https://lists.openwall.net/linux-kernel/2020/03/24/1803",
          "url": "https://lists.openwall.net/linux-kernel/2020/03/24/1803"
        },
        {
          "category": "external",
          "summary": "https://www.openwall.com/lists/kernel-hardening/2020/03/25/1",
          "url": "https://www.openwall.com/lists/kernel-hardening/2020/03/25/1"
        }
      ],
      "release_date": "2020-05-12T05:40:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-09-29T19:00:01+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
          "product_ids": [
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:4062"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "kernel: possible to send arbitrary signals to a privileged (suidroot) parent process"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Vasily Averin"
          ],
          "organization": "Virtuozzo"
        }
      ],
      "cve": "CVE-2020-14305",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "discovery_date": "2020-06-09T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1850716"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "An out-of-bounds memory write flaw was found in how the Linux kernel\u2019s Voice Over IP H.323 connection tracking functionality handled connections on ipv6 port 1720. This flaw allows an unauthenticated remote user to crash the system, causing a denial of service. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "kernel: memory corruption in Voice over IP nf_conntrack_h323 module",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This issue is rated as having Moderate impact because of being limited to only IPV6 port 1720 being used and if with particular module (nf_conntrack_h323) for Voice Over IP H.323.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
          "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
          "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
          "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
          "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
          "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-14305"
        },
        {
          "category": "external",
          "summary": "RHBZ#1850716",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1850716"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-14305",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-14305"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-14305",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14305"
        },
        {
          "category": "external",
          "summary": "https://bugs.openvz.org/browse/OVZ-7188",
          "url": "https://bugs.openvz.org/browse/OVZ-7188"
        },
        {
          "category": "external",
          "summary": "https://patchwork.ozlabs.org/project/netfilter-devel/patch/c2385b5c-309c-cc64-2e10-a0ef62897502@virtuozzo.com/",
          "url": "https://patchwork.ozlabs.org/project/netfilter-devel/patch/c2385b5c-309c-cc64-2e10-a0ef62897502@virtuozzo.com/"
        }
      ],
      "release_date": "2020-06-09T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-09-29T19:00:01+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
          "product_ids": [
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:4062"
        },
        {
          "category": "workaround",
          "details": "A mitigation to this flaw would be to no longer use IPV6 on affected hardware until the kernel has been updated or to disable Voice Over IP H.323 module. Existing systems that have h323-conntrack-nat kernel module loaded will need to unload the \"nf_conntrack_h323\" kernel module and blacklist it ( See https://access.redhat.com/solutions/41278 for a guide on how to blacklist modules).",
          "product_ids": [
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src",
            "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch",
            "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64",
            "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "kernel: memory corruption in Voice over IP nf_conntrack_h323 module"
    }
  ]
}

CVE-2019-19523 (GCVE-0-2019-19523)

Vulnerability from cvelistv5 – Published: 2019-12-03 15:42 – Updated: 2024-08-05 02:16

Summary

In the Linux kernel before 5.3.7, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/adutux.c driver, aka CID-44efc269db79.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	https://cdn.kernel.org/pub/linux/kernel/v5.x/Chan…	x_refsource_MISC
	https://git.kernel.org/pub/scm/linux/kernel/git/t…	x_refsource_MISC
	http://www.openwall.com/lists/oss-security/2019/12/03/4	mailing-listx_refsource_MLIST
	https://lists.debian.org/debian-lts-announce/2020…	mailing-listx_refsource_MLIST
	https://lists.debian.org/debian-lts-announce/2020…	mailing-listx_refsource_MLIST
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T02:16:47.963Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.7"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=44efc269db7929f6275a1fa927ef082e533ecde0"
          },
          {
            "name": "[oss-security] 20191203 Linux kernel: multiple vulnerabilities in the USB subsystem x3",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2019/12/03/4"
          },
          {
            "name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html"
          },
          {
            "name": "[debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html"
          },
          {
            "name": "openSUSE-SU-2020:0336",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel before 5.3.7, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/adutux.c driver, aka CID-44efc269db79."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-03-13T13:06:10.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.7"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=44efc269db7929f6275a1fa927ef082e533ecde0"
        },
        {
          "name": "[oss-security] 20191203 Linux kernel: multiple vulnerabilities in the USB subsystem x3",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2019/12/03/4"
        },
        {
          "name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html"
        },
        {
          "name": "[debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html"
        },
        {
          "name": "openSUSE-SU-2020:0336",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-19523",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In the Linux kernel before 5.3.7, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/adutux.c driver, aka CID-44efc269db79."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.7",
              "refsource": "MISC",
              "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.7"
            },
            {
              "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=44efc269db7929f6275a1fa927ef082e533ecde0",
              "refsource": "MISC",
              "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=44efc269db7929f6275a1fa927ef082e533ecde0"
            },
            {
              "name": "[oss-security] 20191203 Linux kernel: multiple vulnerabilities in the USB subsystem x3",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2019/12/03/4"
            },
            {
              "name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html"
            },
            {
              "name": "[debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html"
            },
            {
              "name": "openSUSE-SU-2020:0336",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-19523",
    "datePublished": "2019-12-03T15:42:29.000Z",
    "dateReserved": "2019-12-03T00:00:00.000Z",
    "dateUpdated": "2024-08-05T02:16:47.963Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-18808 (GCVE-0-2019-18808)

Vulnerability from cvelistv5 – Published: 2019-11-07 15:29 – Updated: 2024-08-05 02:02

Summary

A memory leak in the ccp_run_sha_cmd() function in drivers/crypto/ccp/ccp-ops.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-128c66429247.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	https://github.com/torvalds/linux/commit/128c6642…	x_refsource_MISC
	https://security.netapp.com/advisory/ntap-2019120…	x_refsource_CONFIRM
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	https://usn.ubuntu.com/4526-1/	vendor-advisoryx_refsource_UBUNTU
	https://usn.ubuntu.com/4525-1/	vendor-advisoryx_refsource_UBUNTU
	http://www.openwall.com/lists/oss-security/2021/09/14/1	mailing-listx_refsource_MLIST

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T02:02:39.733Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/torvalds/linux/commit/128c66429247add5128c03dc1e144ca56f05a4e2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20191205-0001/"
          },
          {
            "name": "FEDORA-2019-b86a7bdba0",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LYIFGYEDQXP5DVJQQUARQRK2PXKBKQGY/"
          },
          {
            "name": "FEDORA-2019-124a241044",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YWWOOJKZ4NQYN4RMFIVJ3ZIXKJJI3MKP/"
          },
          {
            "name": "openSUSE-SU-2020:0336",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html"
          },
          {
            "name": "USN-4526-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4526-1/"
          },
          {
            "name": "USN-4525-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4525-1/"
          },
          {
            "name": "[oss-security] 20210914 Disclosure: CVE-2021-3744: crypto: ccp - fix resource leaks in ccp_run_aes_gcm_cmd()",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2021/09/14/1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A memory leak in the ccp_run_sha_cmd() function in drivers/crypto/ccp/ccp-ops.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-128c66429247."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-09-14T17:06:13.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/torvalds/linux/commit/128c66429247add5128c03dc1e144ca56f05a4e2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20191205-0001/"
        },
        {
          "name": "FEDORA-2019-b86a7bdba0",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LYIFGYEDQXP5DVJQQUARQRK2PXKBKQGY/"
        },
        {
          "name": "FEDORA-2019-124a241044",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YWWOOJKZ4NQYN4RMFIVJ3ZIXKJJI3MKP/"
        },
        {
          "name": "openSUSE-SU-2020:0336",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html"
        },
        {
          "name": "USN-4526-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4526-1/"
        },
        {
          "name": "USN-4525-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4525-1/"
        },
        {
          "name": "[oss-security] 20210914 Disclosure: CVE-2021-3744: crypto: ccp - fix resource leaks in ccp_run_aes_gcm_cmd()",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2021/09/14/1"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-18808",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A memory leak in the ccp_run_sha_cmd() function in drivers/crypto/ccp/ccp-ops.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-128c66429247."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/torvalds/linux/commit/128c66429247add5128c03dc1e144ca56f05a4e2",
              "refsource": "MISC",
              "url": "https://github.com/torvalds/linux/commit/128c66429247add5128c03dc1e144ca56f05a4e2"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20191205-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20191205-0001/"
            },
            {
              "name": "FEDORA-2019-b86a7bdba0",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYIFGYEDQXP5DVJQQUARQRK2PXKBKQGY/"
            },
            {
              "name": "FEDORA-2019-124a241044",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YWWOOJKZ4NQYN4RMFIVJ3ZIXKJJI3MKP/"
            },
            {
              "name": "openSUSE-SU-2020:0336",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html"
            },
            {
              "name": "USN-4526-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4526-1/"
            },
            {
              "name": "USN-4525-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4525-1/"
            },
            {
              "name": "[oss-security] 20210914 Disclosure: CVE-2021-3744: crypto: ccp - fix resource leaks in ccp_run_aes_gcm_cmd()",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2021/09/14/1"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-18808",
    "datePublished": "2019-11-07T15:29:46.000Z",
    "dateReserved": "2019-11-07T00:00:00.000Z",
    "dateUpdated": "2024-08-05T02:02:39.733Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-9383 (GCVE-0-2020-9383)

Vulnerability from cvelistv5 – Published: 2020-02-25 15:48 – Updated: 2024-08-04 10:26

Summary

An issue was discovered in the Linux kernel 3.16 through 5.5.6. set_fdc in drivers/block/floppy.c leads to a wait_til_ready out-of-bounds read because the FDC index is not checked for errors before assigning it, aka CID-2e90ca68b0d2.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	https://github.com/torvalds/linux/commit/2e90ca68…	x_refsource_MISC
	https://security.netapp.com/advisory/ntap-2020031…	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	https://usn.ubuntu.com/4344-1/	vendor-advisoryx_refsource_UBUNTU
	https://usn.ubuntu.com/4345-1/	vendor-advisoryx_refsource_UBUNTU
	https://usn.ubuntu.com/4342-1/	vendor-advisoryx_refsource_UBUNTU
	https://usn.ubuntu.com/4346-1/	vendor-advisoryx_refsource_UBUNTU
	https://lists.debian.org/debian-lts-announce/2020…	mailing-listx_refsource_MLIST
	https://lists.debian.org/debian-lts-announce/2020…	mailing-listx_refsource_MLIST
	https://lists.debian.org/debian-lts-announce/2020…	mailing-listx_refsource_MLIST
	https://www.debian.org/security/2020/dsa-4698	vendor-advisoryx_refsource_DEBIAN
	https://git.kernel.org/pub/scm/linux/kernel/git/t…	x_refsource_MISC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T10:26:16.064Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/torvalds/linux/commit/2e90ca68b0d2f5548804f22f0dd61145516171e3"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20200313-0003/"
          },
          {
            "name": "openSUSE-SU-2020:0388",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00039.html"
          },
          {
            "name": "USN-4344-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4344-1/"
          },
          {
            "name": "USN-4345-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4345-1/"
          },
          {
            "name": "USN-4342-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4342-1/"
          },
          {
            "name": "USN-4346-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4346-1/"
          },
          {
            "name": "[debian-lts-announce] 20200609 [SECURITY] [DLA 2241-1] linux security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html"
          },
          {
            "name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2242-1] linux-4.9 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html"
          },
          {
            "name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2241-2] linux security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html"
          },
          {
            "name": "DSA-4698",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2020/dsa-4698"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=2f9ac30a54dc0181ddac3705cdcf4775d863c530"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in the Linux kernel 3.16 through 5.5.6. set_fdc in drivers/block/floppy.c leads to a wait_til_ready out-of-bounds read because the FDC index is not checked for errors before assigning it, aka CID-2e90ca68b0d2."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-01-04T22:38:50.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/torvalds/linux/commit/2e90ca68b0d2f5548804f22f0dd61145516171e3"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20200313-0003/"
        },
        {
          "name": "openSUSE-SU-2020:0388",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00039.html"
        },
        {
          "name": "USN-4344-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4344-1/"
        },
        {
          "name": "USN-4345-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4345-1/"
        },
        {
          "name": "USN-4342-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4342-1/"
        },
        {
          "name": "USN-4346-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4346-1/"
        },
        {
          "name": "[debian-lts-announce] 20200609 [SECURITY] [DLA 2241-1] linux security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html"
        },
        {
          "name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2242-1] linux-4.9 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html"
        },
        {
          "name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2241-2] linux security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html"
        },
        {
          "name": "DSA-4698",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2020/dsa-4698"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=2f9ac30a54dc0181ddac3705cdcf4775d863c530"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-9383",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in the Linux kernel 3.16 through 5.5.6. set_fdc in drivers/block/floppy.c leads to a wait_til_ready out-of-bounds read because the FDC index is not checked for errors before assigning it, aka CID-2e90ca68b0d2."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/torvalds/linux/commit/2e90ca68b0d2f5548804f22f0dd61145516171e3",
              "refsource": "MISC",
              "url": "https://github.com/torvalds/linux/commit/2e90ca68b0d2f5548804f22f0dd61145516171e3"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20200313-0003/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20200313-0003/"
            },
            {
              "name": "openSUSE-SU-2020:0388",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00039.html"
            },
            {
              "name": "USN-4344-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4344-1/"
            },
            {
              "name": "USN-4345-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4345-1/"
            },
            {
              "name": "USN-4342-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4342-1/"
            },
            {
              "name": "USN-4346-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4346-1/"
            },
            {
              "name": "[debian-lts-announce] 20200609 [SECURITY] [DLA 2241-1] linux security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html"
            },
            {
              "name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2242-1] linux-4.9 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html"
            },
            {
              "name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2241-2] linux security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html"
            },
            {
              "name": "DSA-4698",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2020/dsa-4698"
            },
            {
              "name": "https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=2f9ac30a54dc0181ddac3705cdcf4775d863c530",
              "refsource": "MISC",
              "url": "https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=2f9ac30a54dc0181ddac3705cdcf4775d863c530"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-9383",
    "datePublished": "2020-02-25T15:48:11.000Z",
    "dateReserved": "2020-02-24T00:00:00.000Z",
    "dateUpdated": "2024-08-04T10:26:16.064Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-20636 (GCVE-0-2019-20636)

Vulnerability from cvelistv5 – Published: 2020-04-08 13:58 – Updated: 2024-08-05 02:46

Summary

In the Linux kernel before 5.4.12, drivers/input/input.c has out-of-bounds writes via a crafted keycode table, as demonstrated by input_set_keycode, aka CID-cb222aed03d7.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	https://git.kernel.org/pub/scm/linux/kernel/git/t…	x_refsource_MISC
	https://cdn.kernel.org/pub/linux/kernel/v5.x/Chan…	x_refsource_MISC
	https://github.com/torvalds/linux/commit/cb222aed…	x_refsource_MISC
	https://security.netapp.com/advisory/ntap-2020043…	x_refsource_CONFIRM
	https://lists.debian.org/debian-lts-announce/2020…	mailing-listx_refsource_MLIST
	https://lists.debian.org/debian-lts-announce/2020…	mailing-listx_refsource_MLIST

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T02:46:10.329Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=cb222aed03d798fc074be55e59d9a112338ee784"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.12"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/torvalds/linux/commit/cb222aed03d798fc074be55e59d9a112338ee784"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20200430-0004/"
          },
          {
            "name": "[debian-lts-announce] 20200609 [SECURITY] [DLA 2241-1] linux security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html"
          },
          {
            "name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2241-2] linux security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel before 5.4.12, drivers/input/input.c has out-of-bounds writes via a crafted keycode table, as demonstrated by input_set_keycode, aka CID-cb222aed03d7."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-06-10T12:04:31.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=cb222aed03d798fc074be55e59d9a112338ee784"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.12"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/torvalds/linux/commit/cb222aed03d798fc074be55e59d9a112338ee784"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20200430-0004/"
        },
        {
          "name": "[debian-lts-announce] 20200609 [SECURITY] [DLA 2241-1] linux security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html"
        },
        {
          "name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2241-2] linux security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-20636",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In the Linux kernel before 5.4.12, drivers/input/input.c has out-of-bounds writes via a crafted keycode table, as demonstrated by input_set_keycode, aka CID-cb222aed03d7."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=cb222aed03d798fc074be55e59d9a112338ee784",
              "refsource": "MISC",
              "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=cb222aed03d798fc074be55e59d9a112338ee784"
            },
            {
              "name": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.12",
              "refsource": "MISC",
              "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.12"
            },
            {
              "name": "https://github.com/torvalds/linux/commit/cb222aed03d798fc074be55e59d9a112338ee784",
              "refsource": "MISC",
              "url": "https://github.com/torvalds/linux/commit/cb222aed03d798fc074be55e59d9a112338ee784"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20200430-0004/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20200430-0004/"
            },
            {
              "name": "[debian-lts-announce] 20200609 [SECURITY] [DLA 2241-1] linux security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html"
            },
            {
              "name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2241-2] linux security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-20636",
    "datePublished": "2020-04-08T13:58:43.000Z",
    "dateReserved": "2020-04-08T00:00:00.000Z",
    "dateUpdated": "2024-08-05T02:46:10.329Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-10690 (GCVE-0-2020-10690)

Vulnerability from cvelistv5 – Published: 2020-05-08 13:48 – Updated: 2024-08-04 11:06

Summary

There is a use-after-free in kernel versions before 5.5 due to a race condition between the release of ptp_clock and cdev while resource deallocation. When a (high privileged) process allocates a ptp device file (like /dev/ptpX) and voluntarily goes to sleep. During this time if the underlying device is removed, it can cause an exploitable condition as the process wakes up to terminate and clean all attached files. The system crashes due to the cdev structure being invalid (as already freed) which is pointed to by the inode.

Severity ?

6.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

CWE

CWE-416

Assigner

redhat

References

URL

Tags

	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2…	x_refsource_CONFIRM
	https://security.netapp.com/advisory/ntap-2020060…	x_refsource_CONFIRM
	https://lists.debian.org/debian-lts-announce/2020…	mailing-listx_refsource_MLIST
	https://lists.debian.org/debian-lts-announce/2020…	mailing-listx_refsource_MLIST
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	https://usn.ubuntu.com/4419-1/	vendor-advisoryx_refsource_UBUNTU

Impacted products

	Vendor	Product	Version
	Red Hat	kernel	Affected: all kernel versions before 5.5

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T11:06:11.142Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10690"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20200608-0001/"
          },
          {
            "name": "[debian-lts-announce] 20200609 [SECURITY] [DLA 2241-1] linux security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html"
          },
          {
            "name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2241-2] linux security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html"
          },
          {
            "name": "openSUSE-SU-2020:0801",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html"
          },
          {
            "name": "USN-4419-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4419-1/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "kernel",
          "vendor": "Red Hat",
          "versions": [
            {
              "status": "affected",
              "version": "all kernel versions before 5.5"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "There is a use-after-free in kernel versions before 5.5 due to a race condition between the release of ptp_clock and cdev while resource deallocation. When a (high privileged) process allocates a ptp device file (like /dev/ptpX) and voluntarily goes to sleep. During this time if the underlying device is removed, it can cause an exploitable condition as the process wakes up to terminate and clean all attached files. The system crashes due to the cdev structure being invalid (as already freed) which is pointed to by the inode."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-416",
              "description": "CWE-416",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-07-22T06:06:33.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10690"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20200608-0001/"
        },
        {
          "name": "[debian-lts-announce] 20200609 [SECURITY] [DLA 2241-1] linux security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html"
        },
        {
          "name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2241-2] linux security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html"
        },
        {
          "name": "openSUSE-SU-2020:0801",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html"
        },
        {
          "name": "USN-4419-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4419-1/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2020-10690",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "kernel",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "all kernel versions before 5.5"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Red Hat"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "There is a use-after-free in kernel versions before 5.5 due to a race condition between the release of ptp_clock and cdev while resource deallocation. When a (high privileged) process allocates a ptp device file (like /dev/ptpX) and voluntarily goes to sleep. During this time if the underlying device is removed, it can cause an exploitable condition as the process wakes up to terminate and clean all attached files. The system crashes due to the cdev structure being invalid (as already freed) which is pointed to by the inode."
            }
          ]
        },
        "impact": {
          "cvss": [
            [
              {
                "vectorString": "6.5/CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ]
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-416"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10690",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10690"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20200608-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20200608-0001/"
            },
            {
              "name": "[debian-lts-announce] 20200609 [SECURITY] [DLA 2241-1] linux security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html"
            },
            {
              "name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2241-2] linux security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html"
            },
            {
              "name": "openSUSE-SU-2020:0801",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html"
            },
            {
              "name": "USN-4419-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4419-1/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2020-10690",
    "datePublished": "2020-05-08T13:48:30.000Z",
    "dateReserved": "2020-03-20T00:00:00.000Z",
    "dateUpdated": "2024-08-04T11:06:11.142Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-12770 (GCVE-0-2020-12770)

Vulnerability from cvelistv5 – Published: 2020-05-09 20:16 – Updated: 2024-08-04 12:04

Summary

An issue was discovered in the Linux kernel through 5.6.11. sg_write lacks an sg_remove_request call in a certain failure case, aka CID-83c6f2390040.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	https://lkml.org/lkml/2020/4/13/870	x_refsource_CONFIRM
	https://git.kernel.org/pub/scm/linux/kernel/git/t…	x_refsource_CONFIRM
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
	https://security.netapp.com/advisory/ntap-2020060…	x_refsource_CONFIRM
	https://lists.debian.org/debian-lts-announce/2020…	mailing-listx_refsource_MLIST
	https://lists.debian.org/debian-lts-announce/2020…	mailing-listx_refsource_MLIST
	https://lists.debian.org/debian-lts-announce/2020…	mailing-listx_refsource_MLIST
	https://www.debian.org/security/2020/dsa-4698	vendor-advisoryx_refsource_DEBIAN
	https://www.debian.org/security/2020/dsa-4699	vendor-advisoryx_refsource_DEBIAN
	https://usn.ubuntu.com/4413-1/	vendor-advisoryx_refsource_UBUNTU
	https://usn.ubuntu.com/4411-1/	vendor-advisoryx_refsource_UBUNTU
	https://usn.ubuntu.com/4412-1/	vendor-advisoryx_refsource_UBUNTU
	https://usn.ubuntu.com/4419-1/	vendor-advisoryx_refsource_UBUNTU
	https://usn.ubuntu.com/4414-1/	vendor-advisoryx_refsource_UBUNTU

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T12:04:22.871Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://lkml.org/lkml/2020/4/13/870"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=83c6f2390040f188cc25b270b4befeb5628c1aee"
          },
          {
            "name": "FEDORA-2020-4c69987c40",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R54VC7B6MDYKP57AWC2HN7AUJYH62RKI/"
          },
          {
            "name": "FEDORA-2020-c6b9fff7f8",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ES5C6ZCMALBEBMKNNCTBSLLSYGFZG3FF/"
          },
          {
            "name": "FEDORA-2020-5a69decc0c",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IO5XIQSRI747P4RVVTNX7TUPEOCF4OPU/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20200608-0001/"
          },
          {
            "name": "[debian-lts-announce] 20200609 [SECURITY] [DLA 2241-1] linux security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html"
          },
          {
            "name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2242-1] linux-4.9 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html"
          },
          {
            "name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2241-2] linux security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html"
          },
          {
            "name": "DSA-4698",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2020/dsa-4698"
          },
          {
            "name": "DSA-4699",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2020/dsa-4699"
          },
          {
            "name": "USN-4413-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4413-1/"
          },
          {
            "name": "USN-4411-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4411-1/"
          },
          {
            "name": "USN-4412-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4412-1/"
          },
          {
            "name": "USN-4419-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4419-1/"
          },
          {
            "name": "USN-4414-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4414-1/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in the Linux kernel through 5.6.11. sg_write lacks an sg_remove_request call in a certain failure case, aka CID-83c6f2390040."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-07-29T18:06:16.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://lkml.org/lkml/2020/4/13/870"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=83c6f2390040f188cc25b270b4befeb5628c1aee"
        },
        {
          "name": "FEDORA-2020-4c69987c40",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R54VC7B6MDYKP57AWC2HN7AUJYH62RKI/"
        },
        {
          "name": "FEDORA-2020-c6b9fff7f8",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ES5C6ZCMALBEBMKNNCTBSLLSYGFZG3FF/"
        },
        {
          "name": "FEDORA-2020-5a69decc0c",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IO5XIQSRI747P4RVVTNX7TUPEOCF4OPU/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20200608-0001/"
        },
        {
          "name": "[debian-lts-announce] 20200609 [SECURITY] [DLA 2241-1] linux security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html"
        },
        {
          "name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2242-1] linux-4.9 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html"
        },
        {
          "name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2241-2] linux security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html"
        },
        {
          "name": "DSA-4698",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2020/dsa-4698"
        },
        {
          "name": "DSA-4699",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2020/dsa-4699"
        },
        {
          "name": "USN-4413-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4413-1/"
        },
        {
          "name": "USN-4411-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4411-1/"
        },
        {
          "name": "USN-4412-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4412-1/"
        },
        {
          "name": "USN-4419-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4419-1/"
        },
        {
          "name": "USN-4414-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4414-1/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-12770",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in the Linux kernel through 5.6.11. sg_write lacks an sg_remove_request call in a certain failure case, aka CID-83c6f2390040."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://lkml.org/lkml/2020/4/13/870",
              "refsource": "CONFIRM",
              "url": "https://lkml.org/lkml/2020/4/13/870"
            },
            {
              "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=83c6f2390040f188cc25b270b4befeb5628c1aee",
              "refsource": "CONFIRM",
              "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=83c6f2390040f188cc25b270b4befeb5628c1aee"
            },
            {
              "name": "FEDORA-2020-4c69987c40",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R54VC7B6MDYKP57AWC2HN7AUJYH62RKI/"
            },
            {
              "name": "FEDORA-2020-c6b9fff7f8",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ES5C6ZCMALBEBMKNNCTBSLLSYGFZG3FF/"
            },
            {
              "name": "FEDORA-2020-5a69decc0c",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IO5XIQSRI747P4RVVTNX7TUPEOCF4OPU/"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20200608-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20200608-0001/"
            },
            {
              "name": "[debian-lts-announce] 20200609 [SECURITY] [DLA 2241-1] linux security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html"
            },
            {
              "name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2242-1] linux-4.9 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html"
            },
            {
              "name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2241-2] linux security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html"
            },
            {
              "name": "DSA-4698",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2020/dsa-4698"
            },
            {
              "name": "DSA-4699",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2020/dsa-4699"
            },
            {
              "name": "USN-4413-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4413-1/"
            },
            {
              "name": "USN-4411-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4411-1/"
            },
            {
              "name": "USN-4412-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4412-1/"
            },
            {
              "name": "USN-4419-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4419-1/"
            },
            {
              "name": "USN-4414-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4414-1/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-12770",
    "datePublished": "2020-05-09T20:16:36.000Z",
    "dateReserved": "2020-05-09T00:00:00.000Z",
    "dateUpdated": "2024-08-04T12:04:22.871Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-19807 (GCVE-0-2019-19807)

Vulnerability from cvelistv5 – Published: 2019-12-15 22:59 – Updated: 2024-08-05 02:25

Summary

In the Linux kernel before 5.3.11, sound/core/timer.c has a use-after-free caused by erroneous code refactoring, aka CID-e7af6307a8a5. This is related to snd_timer_open and snd_timer_close_locked. The timeri variable was originally intended to be for a newly created timer instance, but was used for a different purpose after refactoring.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	https://cdn.kernel.org/pub/linux/kernel/v5.x/Chan…	x_refsource_MISC
	https://github.com/torvalds/linux/commit/e7af6307…	x_refsource_MISC
	https://git.kernel.org/cgit/linux/kernel/git/torv…	x_refsource_MISC
	https://security.netapp.com/advisory/ntap-2020010…	x_refsource_CONFIRM
	https://usn.ubuntu.com/4227-1/	vendor-advisoryx_refsource_UBUNTU
	https://usn.ubuntu.com/4225-1/	vendor-advisoryx_refsource_UBUNTU
	https://usn.ubuntu.com/4227-2/	vendor-advisoryx_refsource_UBUNTU

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T02:25:12.799Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.11"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/torvalds/linux/commit/e7af6307a8a54f0b873960b32b6a644f2d0fbd97"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e7af6307a8a54f0b873960b32b6a644f2d0fbd97"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20200103-0001/"
          },
          {
            "name": "USN-4227-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4227-1/"
          },
          {
            "name": "USN-4225-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4225-1/"
          },
          {
            "name": "USN-4227-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4227-2/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel before 5.3.11, sound/core/timer.c has a use-after-free caused by erroneous code refactoring, aka CID-e7af6307a8a5. This is related to snd_timer_open and snd_timer_close_locked. The timeri variable was originally intended to be for a newly created timer instance, but was used for a different purpose after refactoring."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-01-07T22:06:06.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.11"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/torvalds/linux/commit/e7af6307a8a54f0b873960b32b6a644f2d0fbd97"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e7af6307a8a54f0b873960b32b6a644f2d0fbd97"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20200103-0001/"
        },
        {
          "name": "USN-4227-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4227-1/"
        },
        {
          "name": "USN-4225-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4225-1/"
        },
        {
          "name": "USN-4227-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4227-2/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-19807",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In the Linux kernel before 5.3.11, sound/core/timer.c has a use-after-free caused by erroneous code refactoring, aka CID-e7af6307a8a5. This is related to snd_timer_open and snd_timer_close_locked. The timeri variable was originally intended to be for a newly created timer instance, but was used for a different purpose after refactoring."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.11",
              "refsource": "MISC",
              "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.11"
            },
            {
              "name": "https://github.com/torvalds/linux/commit/e7af6307a8a54f0b873960b32b6a644f2d0fbd97",
              "refsource": "MISC",
              "url": "https://github.com/torvalds/linux/commit/e7af6307a8a54f0b873960b32b6a644f2d0fbd97"
            },
            {
              "name": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e7af6307a8a54f0b873960b32b6a644f2d0fbd97",
              "refsource": "MISC",
              "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e7af6307a8a54f0b873960b32b6a644f2d0fbd97"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20200103-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20200103-0001/"
            },
            {
              "name": "USN-4227-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4227-1/"
            },
            {
              "name": "USN-4225-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4225-1/"
            },
            {
              "name": "USN-4227-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4227-2/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-19807",
    "datePublished": "2019-12-15T22:59:14.000Z",
    "dateReserved": "2019-12-15T00:00:00.000Z",
    "dateUpdated": "2024-08-05T02:25:12.799Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-19447 (GCVE-0-2019-19447)

Vulnerability from cvelistv5 – Published: 2019-12-08 00:48 – Updated: 2024-08-05 02:16

Summary

In the Linux kernel 5.0.21, mounting a crafted ext4 filesystem image, performing some operations, and unmounting can lead to a use-after-free in ext4_put_super in fs/ext4/super.c, related to dump_orphan_list in fs/ext4/super.c.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	https://github.com/bobfuzzer/CVE/tree/master/CVE-…	x_refsource_MISC
	https://security.netapp.com/advisory/ntap-2020010…	x_refsource_CONFIRM
	https://lists.debian.org/debian-lts-announce/2020…	mailing-listx_refsource_MLIST
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	https://lists.debian.org/debian-lts-announce/2020…	mailing-listx_refsource_MLIST
	https://lists.debian.org/debian-lts-announce/2020…	mailing-listx_refsource_MLIST

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T02:16:47.116Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19447"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20200103-0001/"
          },
          {
            "name": "[debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html"
          },
          {
            "name": "openSUSE-SU-2020:0336",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html"
          },
          {
            "name": "[debian-lts-announce] 20200609 [SECURITY] [DLA 2241-1] linux security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html"
          },
          {
            "name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2241-2] linux security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel 5.0.21, mounting a crafted ext4 filesystem image, performing some operations, and unmounting can lead to a use-after-free in ext4_put_super in fs/ext4/super.c, related to dump_orphan_list in fs/ext4/super.c."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-06-10T12:04:09.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19447"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20200103-0001/"
        },
        {
          "name": "[debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html"
        },
        {
          "name": "openSUSE-SU-2020:0336",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html"
        },
        {
          "name": "[debian-lts-announce] 20200609 [SECURITY] [DLA 2241-1] linux security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html"
        },
        {
          "name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2241-2] linux security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-19447",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In the Linux kernel 5.0.21, mounting a crafted ext4 filesystem image, performing some operations, and unmounting can lead to a use-after-free in ext4_put_super in fs/ext4/super.c, related to dump_orphan_list in fs/ext4/super.c."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19447",
              "refsource": "MISC",
              "url": "https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19447"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20200103-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20200103-0001/"
            },
            {
              "name": "[debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html"
            },
            {
              "name": "openSUSE-SU-2020:0336",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html"
            },
            {
              "name": "[debian-lts-announce] 20200609 [SECURITY] [DLA 2241-1] linux security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html"
            },
            {
              "name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2241-2] linux security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-19447",
    "datePublished": "2019-12-08T00:48:36.000Z",
    "dateReserved": "2019-11-29T00:00:00.000Z",
    "dateUpdated": "2024-08-05T02:16:47.116Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-16994 (GCVE-0-2019-16994)

Vulnerability from cvelistv5 – Published: 2019-09-30 12:03 – Updated: 2024-08-05 01:24

Summary

In the Linux kernel before 5.0, a memory leak exists in sit_init_net() in net/ipv6/sit.c when register_netdev() fails to register sitn->fb_tunnel_dev, which may cause denial of service, aka CID-07f12b26e21a.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	https://github.com/torvalds/linux/commit/07f12b26…	x_refsource_MISC
	https://git.kernel.org/cgit/linux/kernel/git/torv…	x_refsource_MISC
	https://security.netapp.com/advisory/ntap-2019103…	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T01:24:48.764Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/torvalds/linux/commit/07f12b26e21ab359261bf75cfcb424fdc7daeb6d"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=07f12b26e21ab359261bf75cfcb424fdc7daeb6d"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20191031-0005/"
          },
          {
            "name": "openSUSE-SU-2020:0336",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel before 5.0, a memory leak exists in sit_init_net() in net/ipv6/sit.c when register_netdev() fails to register sitn-\u003efb_tunnel_dev, which may cause denial of service, aka CID-07f12b26e21a."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-03-13T13:06:32.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/torvalds/linux/commit/07f12b26e21ab359261bf75cfcb424fdc7daeb6d"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=07f12b26e21ab359261bf75cfcb424fdc7daeb6d"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20191031-0005/"
        },
        {
          "name": "openSUSE-SU-2020:0336",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-16994",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In the Linux kernel before 5.0, a memory leak exists in sit_init_net() in net/ipv6/sit.c when register_netdev() fails to register sitn-\u003efb_tunnel_dev, which may cause denial of service, aka CID-07f12b26e21a."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/torvalds/linux/commit/07f12b26e21ab359261bf75cfcb424fdc7daeb6d",
              "refsource": "MISC",
              "url": "https://github.com/torvalds/linux/commit/07f12b26e21ab359261bf75cfcb424fdc7daeb6d"
            },
            {
              "name": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=07f12b26e21ab359261bf75cfcb424fdc7daeb6d",
              "refsource": "MISC",
              "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=07f12b26e21ab359261bf75cfcb424fdc7daeb6d"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20191031-0005/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20191031-0005/"
            },
            {
              "name": "openSUSE-SU-2020:0336",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-16994",
    "datePublished": "2019-09-30T12:03:39.000Z",
    "dateReserved": "2019-09-30T00:00:00.000Z",
    "dateUpdated": "2024-08-05T01:24:48.764Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-10942 (GCVE-0-2020-10942)

Vulnerability from cvelistv5 – Published: 2020-03-24 21:03 – Updated: 2024-08-04 11:21

Summary

In the Linux kernel before 5.5.8, get_raw_socket in drivers/vhost/net.c lacks validation of an sk_family field, which might allow attackers to trigger kernel stack corruption via crafted system calls.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	https://git.kernel.org/linus/42d84c8490f9f0931786…	x_refsource_MISC
	https://lkml.org/lkml/2020/2/15/125	x_refsource_MISC
	https://cdn.kernel.org/pub/linux/kernel/v5.x/Chan…	x_refsource_MISC
	https://security.netapp.com/advisory/ntap-2020040…	x_refsource_CONFIRM
	http://www.openwall.com/lists/oss-security/2020/04/15/4	mailing-listx_refsource_MLIST
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	https://www.debian.org/security/2020/dsa-4667	vendor-advisoryx_refsource_DEBIAN
	https://usn.ubuntu.com/4344-1/	vendor-advisoryx_refsource_UBUNTU
	https://usn.ubuntu.com/4345-1/	vendor-advisoryx_refsource_UBUNTU
	https://usn.ubuntu.com/4342-1/	vendor-advisoryx_refsource_UBUNTU
	https://usn.ubuntu.com/4364-1/	vendor-advisoryx_refsource_UBUNTU
	https://lists.debian.org/debian-lts-announce/2020…	mailing-listx_refsource_MLIST
	https://lists.debian.org/debian-lts-announce/2020…	mailing-listx_refsource_MLIST
	https://lists.debian.org/debian-lts-announce/2020…	mailing-listx_refsource_MLIST
	https://www.debian.org/security/2020/dsa-4698	vendor-advisoryx_refsource_DEBIAN

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T11:21:14.585Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://git.kernel.org/linus/42d84c8490f9f0931786f1623191fcab397c3d64"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://lkml.org/lkml/2020/2/15/125"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.5.8"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20200403-0003/"
          },
          {
            "name": "[oss-security] 20200415 CVE-2020-10942 Kernel: vhost-net: stack overflow in get_raw_socket while checking sk_family field",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2020/04/15/4"
          },
          {
            "name": "openSUSE-SU-2020:0543",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00035.html"
          },
          {
            "name": "DSA-4667",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2020/dsa-4667"
          },
          {
            "name": "USN-4344-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4344-1/"
          },
          {
            "name": "USN-4345-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4345-1/"
          },
          {
            "name": "USN-4342-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4342-1/"
          },
          {
            "name": "USN-4364-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4364-1/"
          },
          {
            "name": "[debian-lts-announce] 20200609 [SECURITY] [DLA 2241-1] linux security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html"
          },
          {
            "name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2242-1] linux-4.9 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html"
          },
          {
            "name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2241-2] linux security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html"
          },
          {
            "name": "DSA-4698",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2020/dsa-4698"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel before 5.5.8, get_raw_socket in drivers/vhost/net.c lacks validation of an sk_family field, which might allow attackers to trigger kernel stack corruption via crafted system calls."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-06-10T19:06:33.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://git.kernel.org/linus/42d84c8490f9f0931786f1623191fcab397c3d64"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://lkml.org/lkml/2020/2/15/125"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.5.8"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20200403-0003/"
        },
        {
          "name": "[oss-security] 20200415 CVE-2020-10942 Kernel: vhost-net: stack overflow in get_raw_socket while checking sk_family field",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2020/04/15/4"
        },
        {
          "name": "openSUSE-SU-2020:0543",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00035.html"
        },
        {
          "name": "DSA-4667",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2020/dsa-4667"
        },
        {
          "name": "USN-4344-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4344-1/"
        },
        {
          "name": "USN-4345-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4345-1/"
        },
        {
          "name": "USN-4342-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4342-1/"
        },
        {
          "name": "USN-4364-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4364-1/"
        },
        {
          "name": "[debian-lts-announce] 20200609 [SECURITY] [DLA 2241-1] linux security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html"
        },
        {
          "name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2242-1] linux-4.9 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html"
        },
        {
          "name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2241-2] linux security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html"
        },
        {
          "name": "DSA-4698",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2020/dsa-4698"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-10942",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In the Linux kernel before 5.5.8, get_raw_socket in drivers/vhost/net.c lacks validation of an sk_family field, which might allow attackers to trigger kernel stack corruption via crafted system calls."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://git.kernel.org/linus/42d84c8490f9f0931786f1623191fcab397c3d64",
              "refsource": "MISC",
              "url": "https://git.kernel.org/linus/42d84c8490f9f0931786f1623191fcab397c3d64"
            },
            {
              "name": "https://lkml.org/lkml/2020/2/15/125",
              "refsource": "MISC",
              "url": "https://lkml.org/lkml/2020/2/15/125"
            },
            {
              "name": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.5.8",
              "refsource": "MISC",
              "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.5.8"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20200403-0003/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20200403-0003/"
            },
            {
              "name": "[oss-security] 20200415 CVE-2020-10942 Kernel: vhost-net: stack overflow in get_raw_socket while checking sk_family field",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2020/04/15/4"
            },
            {
              "name": "openSUSE-SU-2020:0543",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00035.html"
            },
            {
              "name": "DSA-4667",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2020/dsa-4667"
            },
            {
              "name": "USN-4344-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4344-1/"
            },
            {
              "name": "USN-4345-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4345-1/"
            },
            {
              "name": "USN-4342-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4342-1/"
            },
            {
              "name": "USN-4364-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4364-1/"
            },
            {
              "name": "[debian-lts-announce] 20200609 [SECURITY] [DLA 2241-1] linux security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html"
            },
            {
              "name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2242-1] linux-4.9 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html"
            },
            {
              "name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2241-2] linux security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html"
            },
            {
              "name": "DSA-4698",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2020/dsa-4698"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-10942",
    "datePublished": "2020-03-24T21:03:52.000Z",
    "dateReserved": "2020-03-24T00:00:00.000Z",
    "dateUpdated": "2024-08-04T11:21:14.585Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-16233 (GCVE-0-2019-16233)

Vulnerability from cvelistv5 – Published: 2019-09-11 15:30 – Updated: 2024-08-05 01:10

Summary

drivers/scsi/qla2xxx/qla_os.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	https://lkml.org/lkml/2019/9/9/487	x_refsource_MISC
	https://security.netapp.com/advisory/ntap-2019100…	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	https://usn.ubuntu.com/4227-1/	vendor-advisoryx_refsource_UBUNTU
	https://usn.ubuntu.com/4226-1/	vendor-advisoryx_refsource_UBUNTU
	https://usn.ubuntu.com/4227-2/	vendor-advisoryx_refsource_UBUNTU
	https://usn.ubuntu.com/4346-1/	vendor-advisoryx_refsource_UBUNTU

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T01:10:41.666Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://lkml.org/lkml/2019/9/9/487"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20191004-0001/"
          },
          {
            "name": "openSUSE-SU-2019:2444",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00010.html"
          },
          {
            "name": "openSUSE-SU-2019:2503",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00035.html"
          },
          {
            "name": "USN-4227-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4227-1/"
          },
          {
            "name": "USN-4226-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4226-1/"
          },
          {
            "name": "USN-4227-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4227-2/"
          },
          {
            "name": "USN-4346-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4346-1/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "drivers/scsi/qla2xxx/qla_os.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-05-06T14:06:12.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://lkml.org/lkml/2019/9/9/487"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20191004-0001/"
        },
        {
          "name": "openSUSE-SU-2019:2444",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00010.html"
        },
        {
          "name": "openSUSE-SU-2019:2503",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00035.html"
        },
        {
          "name": "USN-4227-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4227-1/"
        },
        {
          "name": "USN-4226-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4226-1/"
        },
        {
          "name": "USN-4227-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4227-2/"
        },
        {
          "name": "USN-4346-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4346-1/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-16233",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "drivers/scsi/qla2xxx/qla_os.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://lkml.org/lkml/2019/9/9/487",
              "refsource": "MISC",
              "url": "https://lkml.org/lkml/2019/9/9/487"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20191004-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20191004-0001/"
            },
            {
              "name": "openSUSE-SU-2019:2444",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00010.html"
            },
            {
              "name": "openSUSE-SU-2019:2503",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00035.html"
            },
            {
              "name": "USN-4227-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4227-1/"
            },
            {
              "name": "USN-4226-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4226-1/"
            },
            {
              "name": "USN-4227-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4227-2/"
            },
            {
              "name": "USN-4346-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4346-1/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-16233",
    "datePublished": "2019-09-11T15:30:01.000Z",
    "dateReserved": "2019-09-11T00:00:00.000Z",
    "dateUpdated": "2024-08-05T01:10:41.666Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-19767 (GCVE-0-2019-19767)

Vulnerability from cvelistv5 – Published: 2019-12-12 19:39 – Updated: 2024-08-05 02:25

Summary

The Linux kernel before 5.4.2 mishandles ext4_expand_extra_isize, as demonstrated by use-after-free errors in __ext4_expand_extra_isize and ext4_xattr_set_entry, related to fs/ext4/inode.c and fs/ext4/super.c, aka CID-4ea99936a163.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	https://cdn.kernel.org/pub/linux/kernel/v5.x/Chan…	x_refsource_MISC
	https://bugzilla.kernel.org/show_bug.cgi?id=205707	x_refsource_MISC
	https://bugzilla.kernel.org/show_bug.cgi?id=205609	x_refsource_MISC
	https://github.com/torvalds/linux/commit/4ea99936…	x_refsource_MISC
	https://git.kernel.org/cgit/linux/kernel/git/torv…	x_refsource_MISC
	https://security.netapp.com/advisory/ntap-2020010…	x_refsource_CONFIRM
	https://lists.debian.org/debian-lts-announce/2020…	mailing-listx_refsource_MLIST
	https://usn.ubuntu.com/4258-1/	vendor-advisoryx_refsource_UBUNTU
	https://usn.ubuntu.com/4287-1/	vendor-advisoryx_refsource_UBUNTU
	https://usn.ubuntu.com/4287-2/	vendor-advisoryx_refsource_UBUNTU
	https://lists.debian.org/debian-lts-announce/2020…	mailing-listx_refsource_MLIST
	https://usn.ubuntu.com/4284-1/	vendor-advisoryx_refsource_UBUNTU
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T02:25:12.691Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.2"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.kernel.org/show_bug.cgi?id=205707"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.kernel.org/show_bug.cgi?id=205609"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/torvalds/linux/commit/4ea99936a1630f51fc3a2d61a58ec4a1c4b7d55a"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4ea99936a1630f51fc3a2d61a58ec4a1c4b7d55a"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20200103-0001/"
          },
          {
            "name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html"
          },
          {
            "name": "USN-4258-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4258-1/"
          },
          {
            "name": "USN-4287-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4287-1/"
          },
          {
            "name": "USN-4287-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4287-2/"
          },
          {
            "name": "[debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html"
          },
          {
            "name": "USN-4284-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4284-1/"
          },
          {
            "name": "openSUSE-SU-2020:0336",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The Linux kernel before 5.4.2 mishandles ext4_expand_extra_isize, as demonstrated by use-after-free errors in __ext4_expand_extra_isize and ext4_xattr_set_entry, related to fs/ext4/inode.c and fs/ext4/super.c, aka CID-4ea99936a163."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-03-13T13:06:23.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.2"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.kernel.org/show_bug.cgi?id=205707"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.kernel.org/show_bug.cgi?id=205609"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/torvalds/linux/commit/4ea99936a1630f51fc3a2d61a58ec4a1c4b7d55a"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4ea99936a1630f51fc3a2d61a58ec4a1c4b7d55a"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20200103-0001/"
        },
        {
          "name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html"
        },
        {
          "name": "USN-4258-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4258-1/"
        },
        {
          "name": "USN-4287-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4287-1/"
        },
        {
          "name": "USN-4287-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4287-2/"
        },
        {
          "name": "[debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html"
        },
        {
          "name": "USN-4284-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4284-1/"
        },
        {
          "name": "openSUSE-SU-2020:0336",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-19767",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Linux kernel before 5.4.2 mishandles ext4_expand_extra_isize, as demonstrated by use-after-free errors in __ext4_expand_extra_isize and ext4_xattr_set_entry, related to fs/ext4/inode.c and fs/ext4/super.c, aka CID-4ea99936a163."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.2",
              "refsource": "MISC",
              "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.2"
            },
            {
              "name": "https://bugzilla.kernel.org/show_bug.cgi?id=205707",
              "refsource": "MISC",
              "url": "https://bugzilla.kernel.org/show_bug.cgi?id=205707"
            },
            {
              "name": "https://bugzilla.kernel.org/show_bug.cgi?id=205609",
              "refsource": "MISC",
              "url": "https://bugzilla.kernel.org/show_bug.cgi?id=205609"
            },
            {
              "name": "https://github.com/torvalds/linux/commit/4ea99936a1630f51fc3a2d61a58ec4a1c4b7d55a",
              "refsource": "MISC",
              "url": "https://github.com/torvalds/linux/commit/4ea99936a1630f51fc3a2d61a58ec4a1c4b7d55a"
            },
            {
              "name": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4ea99936a1630f51fc3a2d61a58ec4a1c4b7d55a",
              "refsource": "MISC",
              "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4ea99936a1630f51fc3a2d61a58ec4a1c4b7d55a"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20200103-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20200103-0001/"
            },
            {
              "name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html"
            },
            {
              "name": "USN-4258-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4258-1/"
            },
            {
              "name": "USN-4287-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4287-1/"
            },
            {
              "name": "USN-4287-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4287-2/"
            },
            {
              "name": "[debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html"
            },
            {
              "name": "USN-4284-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4284-1/"
            },
            {
              "name": "openSUSE-SU-2020:0336",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-19767",
    "datePublished": "2019-12-12T19:39:40.000Z",
    "dateReserved": "2019-12-12T00:00:00.000Z",
    "dateUpdated": "2024-08-05T02:25:12.691Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-20095 (GCVE-0-2019-20095)

Vulnerability from cvelistv5 – Published: 2019-12-30 04:39 – Updated: 2024-08-05 02:32

Summary

mwifiex_tm_cmd in drivers/net/wireless/marvell/mwifiex/cfg80211.c in the Linux kernel before 5.1.6 has some error-handling cases that did not free allocated hostcmd memory, aka CID-003b686ace82. This will cause a memory leak and denial of service.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	https://cdn.kernel.org/pub/linux/kernel/v5.x/Chan…	x_refsource_MISC
	https://git.kernel.org/pub/scm/linux/kernel/git/t…	x_refsource_MISC
	https://security.netapp.com/advisory/ntap-2020020…	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T02:32:10.542Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.6"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=003b686ace820ce2d635a83f10f2d7f9c147dabc"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20200204-0002/"
          },
          {
            "name": "openSUSE-SU-2020:0336",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "mwifiex_tm_cmd in drivers/net/wireless/marvell/mwifiex/cfg80211.c in the Linux kernel before 5.1.6 has some error-handling cases that did not free allocated hostcmd memory, aka CID-003b686ace82. This will cause a memory leak and denial of service."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-03-13T13:06:21.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.6"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=003b686ace820ce2d635a83f10f2d7f9c147dabc"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20200204-0002/"
        },
        {
          "name": "openSUSE-SU-2020:0336",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-20095",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "mwifiex_tm_cmd in drivers/net/wireless/marvell/mwifiex/cfg80211.c in the Linux kernel before 5.1.6 has some error-handling cases that did not free allocated hostcmd memory, aka CID-003b686ace82. This will cause a memory leak and denial of service."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.6",
              "refsource": "MISC",
              "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.6"
            },
            {
              "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=003b686ace820ce2d635a83f10f2d7f9c147dabc",
              "refsource": "MISC",
              "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=003b686ace820ce2d635a83f10f2d7f9c147dabc"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20200204-0002/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20200204-0002/"
            },
            {
              "name": "openSUSE-SU-2020:0336",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-20095",
    "datePublished": "2019-12-30T04:39:55.000Z",
    "dateReserved": "2019-12-30T00:00:00.000Z",
    "dateUpdated": "2024-08-05T02:32:10.542Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-19059 (GCVE-0-2019-19059)

Vulnerability from cvelistv5 – Published: 2019-11-18 05:24 – Updated: 2024-08-05 02:09

Summary

Multiple memory leaks in the iwl_pcie_ctxt_info_gen3_init() function in drivers/net/wireless/intel/iwlwifi/pcie/ctxt-info-gen3.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption) by triggering iwl_pcie_init_fw_sec() or dma_alloc_coherent() failures, aka CID-0f4f199443fa.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	https://github.com/torvalds/linux/commit/0f4f1994…	x_refsource_MISC
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
	https://security.netapp.com/advisory/ntap-2019120…	x_refsource_CONFIRM
	https://usn.ubuntu.com/4300-1/	vendor-advisoryx_refsource_UBUNTU
	https://usn.ubuntu.com/4301-1/	vendor-advisoryx_refsource_UBUNTU

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T02:09:38.525Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/torvalds/linux/commit/0f4f199443faca715523b0659aa536251d8b978f"
          },
          {
            "name": "FEDORA-2019-021c968423",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3PSDE6PTOTVBK2YTKB2TFQP2SUBVSNF/"
          },
          {
            "name": "FEDORA-2019-34a75d7e61",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PY7LJMSPAGRIKABJPDKQDTXYW3L5RX2T/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20191205-0001/"
          },
          {
            "name": "USN-4300-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4300-1/"
          },
          {
            "name": "USN-4301-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4301-1/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple memory leaks in the iwl_pcie_ctxt_info_gen3_init() function in drivers/net/wireless/intel/iwlwifi/pcie/ctxt-info-gen3.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption) by triggering iwl_pcie_init_fw_sec() or dma_alloc_coherent() failures, aka CID-0f4f199443fa."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-04-02T23:06:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/torvalds/linux/commit/0f4f199443faca715523b0659aa536251d8b978f"
        },
        {
          "name": "FEDORA-2019-021c968423",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3PSDE6PTOTVBK2YTKB2TFQP2SUBVSNF/"
        },
        {
          "name": "FEDORA-2019-34a75d7e61",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PY7LJMSPAGRIKABJPDKQDTXYW3L5RX2T/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20191205-0001/"
        },
        {
          "name": "USN-4300-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4300-1/"
        },
        {
          "name": "USN-4301-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4301-1/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-19059",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple memory leaks in the iwl_pcie_ctxt_info_gen3_init() function in drivers/net/wireless/intel/iwlwifi/pcie/ctxt-info-gen3.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption) by triggering iwl_pcie_init_fw_sec() or dma_alloc_coherent() failures, aka CID-0f4f199443fa."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/torvalds/linux/commit/0f4f199443faca715523b0659aa536251d8b978f",
              "refsource": "MISC",
              "url": "https://github.com/torvalds/linux/commit/0f4f199443faca715523b0659aa536251d8b978f"
            },
            {
              "name": "FEDORA-2019-021c968423",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O3PSDE6PTOTVBK2YTKB2TFQP2SUBVSNF/"
            },
            {
              "name": "FEDORA-2019-34a75d7e61",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PY7LJMSPAGRIKABJPDKQDTXYW3L5RX2T/"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20191205-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20191205-0001/"
            },
            {
              "name": "USN-4300-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4300-1/"
            },
            {
              "name": "USN-4301-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4301-1/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-19059",
    "datePublished": "2019-11-18T05:24:00.000Z",
    "dateReserved": "2019-11-18T00:00:00.000Z",
    "dateUpdated": "2024-08-05T02:09:38.525Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-19534 (GCVE-0-2019-19534)

Vulnerability from cvelistv5 – Published: 2019-12-03 15:38 – Updated: 2024-08-05 02:16

Summary

In the Linux kernel before 5.3.11, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_core.c driver, aka CID-f7a1337f0d29.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	https://cdn.kernel.org/pub/linux/kernel/v5.x/Chan…	x_refsource_MISC
	https://git.kernel.org/pub/scm/linux/kernel/git/t…	x_refsource_MISC
	http://www.openwall.com/lists/oss-security/2019/12/03/4	mailing-listx_refsource_MLIST
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	https://usn.ubuntu.com/4228-1/	vendor-advisoryx_refsource_UBUNTU
	https://usn.ubuntu.com/4227-1/	vendor-advisoryx_refsource_UBUNTU
	https://usn.ubuntu.com/4226-1/	vendor-advisoryx_refsource_UBUNTU
	https://usn.ubuntu.com/4225-1/	vendor-advisoryx_refsource_UBUNTU
	https://usn.ubuntu.com/4228-2/	vendor-advisoryx_refsource_UBUNTU
	https://usn.ubuntu.com/4227-2/	vendor-advisoryx_refsource_UBUNTU
	https://lists.debian.org/debian-lts-announce/2020…	mailing-listx_refsource_MLIST
	https://usn.ubuntu.com/4225-2/	vendor-advisoryx_refsource_UBUNTU
	https://lists.debian.org/debian-lts-announce/2020…	mailing-listx_refsource_MLIST

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T02:16:48.570Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.11"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f7a1337f0d29b98733c8824e165fca3371d7d4fd"
          },
          {
            "name": "[oss-security] 20191203 Linux kernel: multiple vulnerabilities in the USB subsystem x3",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2019/12/03/4"
          },
          {
            "name": "openSUSE-SU-2019:2675",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html"
          },
          {
            "name": "USN-4228-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4228-1/"
          },
          {
            "name": "USN-4227-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4227-1/"
          },
          {
            "name": "USN-4226-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4226-1/"
          },
          {
            "name": "USN-4225-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4225-1/"
          },
          {
            "name": "USN-4228-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4228-2/"
          },
          {
            "name": "USN-4227-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4227-2/"
          },
          {
            "name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html"
          },
          {
            "name": "USN-4225-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4225-2/"
          },
          {
            "name": "[debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel before 5.3.11, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_core.c driver, aka CID-f7a1337f0d29."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-03-02T19:06:50.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.11"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f7a1337f0d29b98733c8824e165fca3371d7d4fd"
        },
        {
          "name": "[oss-security] 20191203 Linux kernel: multiple vulnerabilities in the USB subsystem x3",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2019/12/03/4"
        },
        {
          "name": "openSUSE-SU-2019:2675",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html"
        },
        {
          "name": "USN-4228-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4228-1/"
        },
        {
          "name": "USN-4227-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4227-1/"
        },
        {
          "name": "USN-4226-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4226-1/"
        },
        {
          "name": "USN-4225-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4225-1/"
        },
        {
          "name": "USN-4228-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4228-2/"
        },
        {
          "name": "USN-4227-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4227-2/"
        },
        {
          "name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html"
        },
        {
          "name": "USN-4225-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4225-2/"
        },
        {
          "name": "[debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-19534",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In the Linux kernel before 5.3.11, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_core.c driver, aka CID-f7a1337f0d29."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.11",
              "refsource": "MISC",
              "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.11"
            },
            {
              "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f7a1337f0d29b98733c8824e165fca3371d7d4fd",
              "refsource": "MISC",
              "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f7a1337f0d29b98733c8824e165fca3371d7d4fd"
            },
            {
              "name": "[oss-security] 20191203 Linux kernel: multiple vulnerabilities in the USB subsystem x3",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2019/12/03/4"
            },
            {
              "name": "openSUSE-SU-2019:2675",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html"
            },
            {
              "name": "USN-4228-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4228-1/"
            },
            {
              "name": "USN-4227-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4227-1/"
            },
            {
              "name": "USN-4226-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4226-1/"
            },
            {
              "name": "USN-4225-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4225-1/"
            },
            {
              "name": "USN-4228-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4228-2/"
            },
            {
              "name": "USN-4227-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4227-2/"
            },
            {
              "name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html"
            },
            {
              "name": "USN-4225-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4225-2/"
            },
            {
              "name": "[debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-19534",
    "datePublished": "2019-12-03T15:38:58.000Z",
    "dateReserved": "2019-12-03T00:00:00.000Z",
    "dateUpdated": "2024-08-05T02:16:48.570Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-10742 (GCVE-0-2020-10742)

Vulnerability from cvelistv5 – Published: 2021-06-02 10:42 – Updated: 2024-08-04 11:14

Summary

Severity ?

No CVSS data available.

CWE

Buffer Overflow

Assigner

redhat

References

URL

Tags

https://bugzilla.redhat.com/show_bug.cgi?id=1835127

x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	Kernel	Affected: kernel 3.10.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T11:14:14.961Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1835127"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Kernel",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "kernel 3.10.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in the Linux kernel. An index buffer overflow during Direct IO write leading to the NFS client to crash. In some cases, a reach out of the index after one memory allocation by kmalloc will cause a kernel panic. The highest threat from this vulnerability is to data confidentiality and system availability."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Buffer Overflow",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-06-02T10:42:32.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1835127"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2020-10742",
    "datePublished": "2021-06-02T10:42:32.000Z",
    "dateReserved": "2020-03-20T00:00:00.000Z",
    "dateUpdated": "2024-08-04T11:14:14.961Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-19046 (GCVE-0-2019-19046)

Vulnerability from cvelistv5 – Published: 2019-11-18 05:23 – Updated: 2024-08-05 02:09 Disputed

Summary

A memory leak in the __ipmi_bmc_register() function in drivers/char/ipmi/ipmi_msghandler.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering ida_simple_get() failure, aka CID-4aa7afb0ee20. NOTE: third parties dispute the relevance of this because an attacker cannot realistically control this failure at probe time

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	https://github.com/torvalds/linux/commit/4aa7afb0…	x_refsource_MISC
	https://bugzilla.suse.com/show_bug.cgi?id=1157304	x_refsource_MISC
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	https://usn.ubuntu.com/4302-1/	vendor-advisoryx_refsource_UBUNTU
	https://usn.ubuntu.com/4325-1/	vendor-advisoryx_refsource_UBUNTU
	https://usn.ubuntu.com/4319-1/	vendor-advisoryx_refsource_UBUNTU

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T02:09:38.134Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/torvalds/linux/commit/4aa7afb0ee20a97fbf0c5bab3df028d5fb85fdab"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.suse.com/show_bug.cgi?id=1157304"
          },
          {
            "name": "FEDORA-2019-021c968423",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3PSDE6PTOTVBK2YTKB2TFQP2SUBVSNF/"
          },
          {
            "name": "FEDORA-2019-34a75d7e61",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PY7LJMSPAGRIKABJPDKQDTXYW3L5RX2T/"
          },
          {
            "name": "openSUSE-SU-2019:2675",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html"
          },
          {
            "name": "USN-4302-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4302-1/"
          },
          {
            "name": "USN-4325-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4325-1/"
          },
          {
            "name": "USN-4319-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4319-1/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A memory leak in the __ipmi_bmc_register() function in drivers/char/ipmi/ipmi_msghandler.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering ida_simple_get() failure, aka CID-4aa7afb0ee20. NOTE: third parties dispute the relevance of this because an attacker cannot realistically control this failure at probe time"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-04-22T18:06:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/torvalds/linux/commit/4aa7afb0ee20a97fbf0c5bab3df028d5fb85fdab"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.suse.com/show_bug.cgi?id=1157304"
        },
        {
          "name": "FEDORA-2019-021c968423",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3PSDE6PTOTVBK2YTKB2TFQP2SUBVSNF/"
        },
        {
          "name": "FEDORA-2019-34a75d7e61",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PY7LJMSPAGRIKABJPDKQDTXYW3L5RX2T/"
        },
        {
          "name": "openSUSE-SU-2019:2675",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html"
        },
        {
          "name": "USN-4302-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4302-1/"
        },
        {
          "name": "USN-4325-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4325-1/"
        },
        {
          "name": "USN-4319-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4319-1/"
        }
      ],
      "tags": [
        "disputed"
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-19046",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "** DISPUTED ** A memory leak in the __ipmi_bmc_register() function in drivers/char/ipmi/ipmi_msghandler.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering ida_simple_get() failure, aka CID-4aa7afb0ee20. NOTE: third parties dispute the relevance of this because an attacker cannot realistically control this failure at probe time."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/torvalds/linux/commit/4aa7afb0ee20a97fbf0c5bab3df028d5fb85fdab",
              "refsource": "MISC",
              "url": "https://github.com/torvalds/linux/commit/4aa7afb0ee20a97fbf0c5bab3df028d5fb85fdab"
            },
            {
              "name": "https://bugzilla.suse.com/show_bug.cgi?id=1157304",
              "refsource": "MISC",
              "url": "https://bugzilla.suse.com/show_bug.cgi?id=1157304"
            },
            {
              "name": "FEDORA-2019-021c968423",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O3PSDE6PTOTVBK2YTKB2TFQP2SUBVSNF/"
            },
            {
              "name": "FEDORA-2019-34a75d7e61",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PY7LJMSPAGRIKABJPDKQDTXYW3L5RX2T/"
            },
            {
              "name": "openSUSE-SU-2019:2675",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html"
            },
            {
              "name": "USN-4302-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4302-1/"
            },
            {
              "name": "USN-4325-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4325-1/"
            },
            {
              "name": "USN-4319-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4319-1/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-19046",
    "datePublished": "2019-11-18T05:23:42.000Z",
    "dateReserved": "2019-11-18T00:00:00.000Z",
    "dateUpdated": "2024-08-05T02:09:38.134Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-19530 (GCVE-0-2019-19530)

Vulnerability from cvelistv5 – Published: 2019-12-03 15:40 – Updated: 2024-08-05 02:16

Summary

In the Linux kernel before 5.2.10, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/class/cdc-acm.c driver, aka CID-c52873e5a1ef.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	https://cdn.kernel.org/pub/linux/kernel/v5.x/Chan…	x_refsource_MISC
	https://git.kernel.org/pub/scm/linux/kernel/git/t…	x_refsource_MISC
	http://www.openwall.com/lists/oss-security/2019/12/03/4	mailing-listx_refsource_MLIST
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	https://lists.debian.org/debian-lts-announce/2020…	mailing-listx_refsource_MLIST
	https://lists.debian.org/debian-lts-announce/2020…	mailing-listx_refsource_MLIST

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T02:16:48.461Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2.10"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c52873e5a1ef72f845526d9f6a50704433f9c625"
          },
          {
            "name": "[oss-security] 20191203 Linux kernel: multiple vulnerabilities in the USB subsystem x3",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2019/12/03/4"
          },
          {
            "name": "openSUSE-SU-2019:2675",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html"
          },
          {
            "name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html"
          },
          {
            "name": "[debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel before 5.2.10, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/class/cdc-acm.c driver, aka CID-c52873e5a1ef."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-03-02T19:06:34.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2.10"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c52873e5a1ef72f845526d9f6a50704433f9c625"
        },
        {
          "name": "[oss-security] 20191203 Linux kernel: multiple vulnerabilities in the USB subsystem x3",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2019/12/03/4"
        },
        {
          "name": "openSUSE-SU-2019:2675",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html"
        },
        {
          "name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html"
        },
        {
          "name": "[debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-19530",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In the Linux kernel before 5.2.10, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/class/cdc-acm.c driver, aka CID-c52873e5a1ef."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2.10",
              "refsource": "MISC",
              "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2.10"
            },
            {
              "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c52873e5a1ef72f845526d9f6a50704433f9c625",
              "refsource": "MISC",
              "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c52873e5a1ef72f845526d9f6a50704433f9c625"
            },
            {
              "name": "[oss-security] 20191203 Linux kernel: multiple vulnerabilities in the USB subsystem x3",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2019/12/03/4"
            },
            {
              "name": "openSUSE-SU-2019:2675",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html"
            },
            {
              "name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html"
            },
            {
              "name": "[debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-19530",
    "datePublished": "2019-12-03T15:40:38.000Z",
    "dateReserved": "2019-12-03T00:00:00.000Z",
    "dateUpdated": "2024-08-05T02:16:48.461Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-19055 (GCVE-0-2019-19055)

Vulnerability from cvelistv5 – Published: 2019-11-18 05:23 – Updated: 2024-08-05 02:09 Disputed

Summary

A memory leak in the nl80211_get_ftm_responder_stats() function in net/wireless/nl80211.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering nl80211hdr_put() failures, aka CID-1399c59fa929. NOTE: third parties dispute the relevance of this because it occurs on a code path where a successful allocation has already occurred

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	https://github.com/torvalds/linux/commit/1399c59f…	x_refsource_MISC
	https://bugzilla.suse.com/show_bug.cgi?id=1157319	x_refsource_MISC
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
	https://usn.ubuntu.com/4226-1/	vendor-advisoryx_refsource_UBUNTU
	https://usn.ubuntu.com/4225-1/	vendor-advisoryx_refsource_UBUNTU
	https://usn.ubuntu.com/4225-2/	vendor-advisoryx_refsource_UBUNTU

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T02:09:38.548Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/torvalds/linux/commit/1399c59fa92984836db90538cf92397fe7caaa57"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.suse.com/show_bug.cgi?id=1157319"
          },
          {
            "name": "FEDORA-2019-021c968423",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3PSDE6PTOTVBK2YTKB2TFQP2SUBVSNF/"
          },
          {
            "name": "FEDORA-2019-34a75d7e61",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PY7LJMSPAGRIKABJPDKQDTXYW3L5RX2T/"
          },
          {
            "name": "USN-4226-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4226-1/"
          },
          {
            "name": "USN-4225-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4225-1/"
          },
          {
            "name": "USN-4225-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4225-2/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A memory leak in the nl80211_get_ftm_responder_stats() function in net/wireless/nl80211.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering nl80211hdr_put() failures, aka CID-1399c59fa929. NOTE: third parties dispute the relevance of this because it occurs on a code path where a successful allocation has already occurred"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-01-23T17:06:06.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/torvalds/linux/commit/1399c59fa92984836db90538cf92397fe7caaa57"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.suse.com/show_bug.cgi?id=1157319"
        },
        {
          "name": "FEDORA-2019-021c968423",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3PSDE6PTOTVBK2YTKB2TFQP2SUBVSNF/"
        },
        {
          "name": "FEDORA-2019-34a75d7e61",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PY7LJMSPAGRIKABJPDKQDTXYW3L5RX2T/"
        },
        {
          "name": "USN-4226-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4226-1/"
        },
        {
          "name": "USN-4225-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4225-1/"
        },
        {
          "name": "USN-4225-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4225-2/"
        }
      ],
      "tags": [
        "disputed"
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-19055",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "** DISPUTED ** A memory leak in the nl80211_get_ftm_responder_stats() function in net/wireless/nl80211.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering nl80211hdr_put() failures, aka CID-1399c59fa929. NOTE: third parties dispute the relevance of this because it occurs on a code path where a successful allocation has already occurred."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/torvalds/linux/commit/1399c59fa92984836db90538cf92397fe7caaa57",
              "refsource": "MISC",
              "url": "https://github.com/torvalds/linux/commit/1399c59fa92984836db90538cf92397fe7caaa57"
            },
            {
              "name": "https://bugzilla.suse.com/show_bug.cgi?id=1157319",
              "refsource": "MISC",
              "url": "https://bugzilla.suse.com/show_bug.cgi?id=1157319"
            },
            {
              "name": "FEDORA-2019-021c968423",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O3PSDE6PTOTVBK2YTKB2TFQP2SUBVSNF/"
            },
            {
              "name": "FEDORA-2019-34a75d7e61",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PY7LJMSPAGRIKABJPDKQDTXYW3L5RX2T/"
            },
            {
              "name": "USN-4226-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4226-1/"
            },
            {
              "name": "USN-4225-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4225-1/"
            },
            {
              "name": "USN-4225-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4225-2/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-19055",
    "datePublished": "2019-11-18T05:23:54.000Z",
    "dateReserved": "2019-11-18T00:00:00.000Z",
    "dateUpdated": "2024-08-05T02:09:38.548Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-19524 (GCVE-0-2019-19524)

Vulnerability from cvelistv5 – Published: 2019-12-03 15:42 – Updated: 2024-08-05 02:16

Summary

In the Linux kernel before 5.3.12, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/input/ff-memless.c driver, aka CID-fa3a5a1880c9.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	https://cdn.kernel.org/pub/linux/kernel/v5.x/Chan…	x_refsource_MISC
	https://git.kernel.org/pub/scm/linux/kernel/git/t…	x_refsource_MISC
	http://www.openwall.com/lists/oss-security/2019/12/03/4	mailing-listx_refsource_MLIST
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	https://usn.ubuntu.com/4228-1/	vendor-advisoryx_refsource_UBUNTU
	https://usn.ubuntu.com/4227-1/	vendor-advisoryx_refsource_UBUNTU
	https://usn.ubuntu.com/4226-1/	vendor-advisoryx_refsource_UBUNTU
	https://usn.ubuntu.com/4225-1/	vendor-advisoryx_refsource_UBUNTU
	https://usn.ubuntu.com/4228-2/	vendor-advisoryx_refsource_UBUNTU
	https://usn.ubuntu.com/4227-2/	vendor-advisoryx_refsource_UBUNTU
	https://seclists.org/bugtraq/2020/Jan/10	mailing-listx_refsource_BUGTRAQ
	http://packetstormsecurity.com/files/155890/Slack…	x_refsource_MISC
	https://lists.debian.org/debian-lts-announce/2020…	mailing-listx_refsource_MLIST
	https://usn.ubuntu.com/4225-2/	vendor-advisoryx_refsource_UBUNTU
	https://lists.debian.org/debian-lts-announce/2020…	mailing-listx_refsource_MLIST

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T02:16:48.556Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.12"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=fa3a5a1880c91bb92594ad42dfe9eedad7996b86"
          },
          {
            "name": "[oss-security] 20191203 Linux kernel: multiple vulnerabilities in the USB subsystem x3",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2019/12/03/4"
          },
          {
            "name": "openSUSE-SU-2019:2675",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html"
          },
          {
            "name": "USN-4228-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4228-1/"
          },
          {
            "name": "USN-4227-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4227-1/"
          },
          {
            "name": "USN-4226-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4226-1/"
          },
          {
            "name": "USN-4225-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4225-1/"
          },
          {
            "name": "USN-4228-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4228-2/"
          },
          {
            "name": "USN-4227-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4227-2/"
          },
          {
            "name": "20200109 [slackware-security] Slackware 14.2 kernel (SSA:2020-008-01)",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2020/Jan/10"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html"
          },
          {
            "name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html"
          },
          {
            "name": "USN-4225-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4225-2/"
          },
          {
            "name": "[debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel before 5.3.12, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/input/ff-memless.c driver, aka CID-fa3a5a1880c9."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-03-02T19:06:49.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.12"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=fa3a5a1880c91bb92594ad42dfe9eedad7996b86"
        },
        {
          "name": "[oss-security] 20191203 Linux kernel: multiple vulnerabilities in the USB subsystem x3",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2019/12/03/4"
        },
        {
          "name": "openSUSE-SU-2019:2675",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html"
        },
        {
          "name": "USN-4228-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4228-1/"
        },
        {
          "name": "USN-4227-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4227-1/"
        },
        {
          "name": "USN-4226-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4226-1/"
        },
        {
          "name": "USN-4225-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4225-1/"
        },
        {
          "name": "USN-4228-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4228-2/"
        },
        {
          "name": "USN-4227-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4227-2/"
        },
        {
          "name": "20200109 [slackware-security] Slackware 14.2 kernel (SSA:2020-008-01)",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2020/Jan/10"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html"
        },
        {
          "name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html"
        },
        {
          "name": "USN-4225-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4225-2/"
        },
        {
          "name": "[debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-19524",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In the Linux kernel before 5.3.12, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/input/ff-memless.c driver, aka CID-fa3a5a1880c9."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.12",
              "refsource": "MISC",
              "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.12"
            },
            {
              "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=fa3a5a1880c91bb92594ad42dfe9eedad7996b86",
              "refsource": "MISC",
              "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=fa3a5a1880c91bb92594ad42dfe9eedad7996b86"
            },
            {
              "name": "[oss-security] 20191203 Linux kernel: multiple vulnerabilities in the USB subsystem x3",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2019/12/03/4"
            },
            {
              "name": "openSUSE-SU-2019:2675",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html"
            },
            {
              "name": "USN-4228-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4228-1/"
            },
            {
              "name": "USN-4227-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4227-1/"
            },
            {
              "name": "USN-4226-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4226-1/"
            },
            {
              "name": "USN-4225-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4225-1/"
            },
            {
              "name": "USN-4228-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4228-2/"
            },
            {
              "name": "USN-4227-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4227-2/"
            },
            {
              "name": "20200109 [slackware-security] Slackware 14.2 kernel (SSA:2020-008-01)",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2020/Jan/10"
            },
            {
              "name": "http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html"
            },
            {
              "name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html"
            },
            {
              "name": "USN-4225-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4225-2/"
            },
            {
              "name": "[debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-19524",
    "datePublished": "2019-12-03T15:42:13.000Z",
    "dateReserved": "2019-12-03T00:00:00.000Z",
    "dateUpdated": "2024-08-05T02:16:48.556Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-20054 (GCVE-0-2019-20054)

Vulnerability from cvelistv5 – Published: 2019-12-28 04:07 – Updated: 2024-08-05 02:32

Summary

In the Linux kernel before 5.0.6, there is a NULL pointer dereference in drop_sysctl_table() in fs/proc/proc_sysctl.c, related to put_links, aka CID-23da9588037e.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	https://cdn.kernel.org/pub/linux/kernel/v5.x/Chan…	x_refsource_MISC
	https://cdn.kernel.org/pub/linux/kernel/v5.x/Chan…	x_refsource_MISC
	https://git.kernel.org/pub/scm/linux/kernel/git/t…	x_refsource_MISC
	https://git.kernel.org/pub/scm/linux/kernel/git/t…	x_refsource_MISC
	https://security.netapp.com/advisory/ntap-2020020…	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T02:32:10.518Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.6"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.11"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=23da9588037ecdd4901db76a5b79a42b529c4ec3"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=89189557b47b35683a27c80ee78aef18248eefb4"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20200204-0002/"
          },
          {
            "name": "openSUSE-SU-2020:0336",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel before 5.0.6, there is a NULL pointer dereference in drop_sysctl_table() in fs/proc/proc_sysctl.c, related to put_links, aka CID-23da9588037e."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-03-13T13:06:20.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.6"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.11"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=23da9588037ecdd4901db76a5b79a42b529c4ec3"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=89189557b47b35683a27c80ee78aef18248eefb4"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20200204-0002/"
        },
        {
          "name": "openSUSE-SU-2020:0336",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-20054",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In the Linux kernel before 5.0.6, there is a NULL pointer dereference in drop_sysctl_table() in fs/proc/proc_sysctl.c, related to put_links, aka CID-23da9588037e."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.6",
              "refsource": "MISC",
              "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.6"
            },
            {
              "name": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.11",
              "refsource": "MISC",
              "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.11"
            },
            {
              "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=23da9588037ecdd4901db76a5b79a42b529c4ec3",
              "refsource": "MISC",
              "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=23da9588037ecdd4901db76a5b79a42b529c4ec3"
            },
            {
              "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=89189557b47b35683a27c80ee78aef18248eefb4",
              "refsource": "MISC",
              "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=89189557b47b35683a27c80ee78aef18248eefb4"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20200204-0002/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20200204-0002/"
            },
            {
              "name": "openSUSE-SU-2020:0336",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-20054",
    "datePublished": "2019-12-28T04:07:15.000Z",
    "dateReserved": "2019-12-28T00:00:00.000Z",
    "dateUpdated": "2024-08-05T02:32:10.518Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-15217 (GCVE-0-2019-15217)

Vulnerability from cvelistv5 – Published: 2019-08-19 21:46 – Updated: 2024-08-05 00:42

Summary

An issue was discovered in the Linux kernel before 5.2.3. There is a NULL pointer dereference caused by a malicious USB device in the drivers/media/usb/zr364xx/zr364xx.c driver.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	https://cdn.kernel.org/pub/linux/kernel/v5.x/Chan…	x_refsource_MISC
	https://git.kernel.org/pub/scm/linux/kernel/git/t…	x_refsource_MISC
	https://syzkaller.appspot.com/bug?id=9c0c178c24d8…	x_refsource_MISC
	http://www.openwall.com/lists/oss-security/2019/08/20/2	mailing-listx_refsource_MLIST
	http://www.openwall.com/lists/oss-security/2019/08/22/2	mailing-listx_refsource_MLIST
	http://www.openwall.com/lists/oss-security/2019/08/22/3	mailing-listx_refsource_MLIST
	http://www.openwall.com/lists/oss-security/2019/08/22/4	mailing-listx_refsource_MLIST
	http://www.openwall.com/lists/oss-security/2019/08/22/5	mailing-listx_refsource_MLIST
	https://security.netapp.com/advisory/ntap-2019090…	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	https://usn.ubuntu.com/4147-1/	vendor-advisoryx_refsource_UBUNTU
	https://lists.debian.org/debian-lts-announce/2020…	mailing-listx_refsource_MLIST
	https://usn.ubuntu.com/4286-2/	vendor-advisoryx_refsource_UBUNTU
	https://lists.debian.org/debian-lts-announce/2020…	mailing-listx_refsource_MLIST
	https://usn.ubuntu.com/4286-1/	vendor-advisoryx_refsource_UBUNTU
	https://usn.ubuntu.com/4302-1/	vendor-advisoryx_refsource_UBUNTU

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T00:42:03.899Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2.3"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5d2e73a5f80a5b5aff3caf1ec6d39b5b3f54b26e"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://syzkaller.appspot.com/bug?id=9c0c178c24d828a7378f483309001329750aad64"
          },
          {
            "name": "[oss-security] 20190820 Linux kernel: multiple vulnerabilities in the USB subsystem x2",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2019/08/20/2"
          },
          {
            "name": "[oss-security] 20190822 Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2019/08/22/2"
          },
          {
            "name": "[oss-security] 20190822 Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2019/08/22/3"
          },
          {
            "name": "[oss-security] 20190822 Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2019/08/22/4"
          },
          {
            "name": "[oss-security] 20190822 Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2019/08/22/5"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20190905-0002/"
          },
          {
            "name": "openSUSE-SU-2019:2173",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html"
          },
          {
            "name": "openSUSE-SU-2019:2181",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html"
          },
          {
            "name": "USN-4147-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4147-1/"
          },
          {
            "name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html"
          },
          {
            "name": "USN-4286-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4286-2/"
          },
          {
            "name": "[debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html"
          },
          {
            "name": "USN-4286-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4286-1/"
          },
          {
            "name": "USN-4302-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4302-1/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in the Linux kernel before 5.2.3. There is a NULL pointer dereference caused by a malicious USB device in the drivers/media/usb/zr364xx/zr364xx.c driver."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-04-04T14:06:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2.3"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5d2e73a5f80a5b5aff3caf1ec6d39b5b3f54b26e"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://syzkaller.appspot.com/bug?id=9c0c178c24d828a7378f483309001329750aad64"
        },
        {
          "name": "[oss-security] 20190820 Linux kernel: multiple vulnerabilities in the USB subsystem x2",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2019/08/20/2"
        },
        {
          "name": "[oss-security] 20190822 Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2019/08/22/2"
        },
        {
          "name": "[oss-security] 20190822 Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2019/08/22/3"
        },
        {
          "name": "[oss-security] 20190822 Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2019/08/22/4"
        },
        {
          "name": "[oss-security] 20190822 Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2019/08/22/5"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20190905-0002/"
        },
        {
          "name": "openSUSE-SU-2019:2173",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html"
        },
        {
          "name": "openSUSE-SU-2019:2181",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html"
        },
        {
          "name": "USN-4147-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4147-1/"
        },
        {
          "name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html"
        },
        {
          "name": "USN-4286-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4286-2/"
        },
        {
          "name": "[debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html"
        },
        {
          "name": "USN-4286-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4286-1/"
        },
        {
          "name": "USN-4302-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4302-1/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-15217",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in the Linux kernel before 5.2.3. There is a NULL pointer dereference caused by a malicious USB device in the drivers/media/usb/zr364xx/zr364xx.c driver."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2.3",
              "refsource": "MISC",
              "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2.3"
            },
            {
              "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5d2e73a5f80a5b5aff3caf1ec6d39b5b3f54b26e",
              "refsource": "MISC",
              "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5d2e73a5f80a5b5aff3caf1ec6d39b5b3f54b26e"
            },
            {
              "name": "https://syzkaller.appspot.com/bug?id=9c0c178c24d828a7378f483309001329750aad64",
              "refsource": "MISC",
              "url": "https://syzkaller.appspot.com/bug?id=9c0c178c24d828a7378f483309001329750aad64"
            },
            {
              "name": "[oss-security] 20190820 Linux kernel: multiple vulnerabilities in the USB subsystem x2",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2019/08/20/2"
            },
            {
              "name": "[oss-security] 20190822 Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2019/08/22/2"
            },
            {
              "name": "[oss-security] 20190822 Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2019/08/22/3"
            },
            {
              "name": "[oss-security] 20190822 Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2019/08/22/4"
            },
            {
              "name": "[oss-security] 20190822 Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2019/08/22/5"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20190905-0002/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20190905-0002/"
            },
            {
              "name": "openSUSE-SU-2019:2173",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html"
            },
            {
              "name": "openSUSE-SU-2019:2181",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html"
            },
            {
              "name": "USN-4147-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4147-1/"
            },
            {
              "name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html"
            },
            {
              "name": "USN-4286-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4286-2/"
            },
            {
              "name": "[debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html"
            },
            {
              "name": "USN-4286-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4286-1/"
            },
            {
              "name": "USN-4302-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4302-1/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-15217",
    "datePublished": "2019-08-19T21:46:17.000Z",
    "dateReserved": "2019-08-19T00:00:00.000Z",
    "dateUpdated": "2024-08-05T00:42:03.899Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-17055 (GCVE-0-2019-17055)

Vulnerability from cvelistv5 – Published: 2019-10-01 13:10 – Updated: 2024-08-05 01:33

Summary

base_sock_create in drivers/isdn/mISDN/socket.c in the AF_ISDN network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-b91ee4aa2a21.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	https://git.kernel.org/pub/scm/linux/kernel/git/t…	x_refsource_MISC
	https://git.kernel.org/pub/scm/linux/kernel/git/t…	x_refsource_MISC
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
	https://seclists.org/bugtraq/2019/Nov/11	mailing-listx_refsource_BUGTRAQ
	http://packetstormsecurity.com/files/155212/Slack…	x_refsource_MISC
	https://usn.ubuntu.com/4185-1/	vendor-advisoryx_refsource_UBUNTU
	https://usn.ubuntu.com/4184-1/	vendor-advisoryx_refsource_UBUNTU
	https://usn.ubuntu.com/4186-1/	vendor-advisoryx_refsource_UBUNTU
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	https://usn.ubuntu.com/4185-2/	vendor-advisoryx_refsource_UBUNTU
	https://usn.ubuntu.com/4186-2/	vendor-advisoryx_refsource_UBUNTU
	https://lists.debian.org/debian-lts-announce/2020…	mailing-listx_refsource_MLIST
	https://lists.debian.org/debian-lts-announce/2020…	mailing-listx_refsource_MLIST
	https://access.redhat.com/errata/RHSA-2020:0790	vendor-advisoryx_refsource_REDHAT

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T01:33:16.286Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0edc3f703f7bcaf550774b5d43ab727bcd0fe06b"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b91ee4aa2a2199ba4d4650706c272985a5a32d80"
          },
          {
            "name": "FEDORA-2019-41e28660ae",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U6JNEWGIK7QA24OIUUL67QZNJN52NB7T/"
          },
          {
            "name": "20191108 [slackware-security] Slackware 14.2 kernel (SSA:2019-311-01)",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2019/Nov/11"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html"
          },
          {
            "name": "USN-4185-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4185-1/"
          },
          {
            "name": "USN-4184-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4184-1/"
          },
          {
            "name": "USN-4186-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4186-1/"
          },
          {
            "name": "openSUSE-SU-2019:2503",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00035.html"
          },
          {
            "name": "openSUSE-SU-2019:2507",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00039.html"
          },
          {
            "name": "USN-4185-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4185-2/"
          },
          {
            "name": "USN-4186-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4186-2/"
          },
          {
            "name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html"
          },
          {
            "name": "[debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html"
          },
          {
            "name": "RHSA-2020:0790",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0790"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "base_sock_create in drivers/isdn/mISDN/socket.c in the AF_ISDN network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-b91ee4aa2a21."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-03-11T19:06:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0edc3f703f7bcaf550774b5d43ab727bcd0fe06b"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b91ee4aa2a2199ba4d4650706c272985a5a32d80"
        },
        {
          "name": "FEDORA-2019-41e28660ae",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U6JNEWGIK7QA24OIUUL67QZNJN52NB7T/"
        },
        {
          "name": "20191108 [slackware-security] Slackware 14.2 kernel (SSA:2019-311-01)",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2019/Nov/11"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html"
        },
        {
          "name": "USN-4185-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4185-1/"
        },
        {
          "name": "USN-4184-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4184-1/"
        },
        {
          "name": "USN-4186-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4186-1/"
        },
        {
          "name": "openSUSE-SU-2019:2503",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00035.html"
        },
        {
          "name": "openSUSE-SU-2019:2507",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00039.html"
        },
        {
          "name": "USN-4185-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4185-2/"
        },
        {
          "name": "USN-4186-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4186-2/"
        },
        {
          "name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html"
        },
        {
          "name": "[debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html"
        },
        {
          "name": "RHSA-2020:0790",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0790"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-17055",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "base_sock_create in drivers/isdn/mISDN/socket.c in the AF_ISDN network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-b91ee4aa2a21."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0edc3f703f7bcaf550774b5d43ab727bcd0fe06b",
              "refsource": "MISC",
              "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0edc3f703f7bcaf550774b5d43ab727bcd0fe06b"
            },
            {
              "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b91ee4aa2a2199ba4d4650706c272985a5a32d80",
              "refsource": "MISC",
              "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b91ee4aa2a2199ba4d4650706c272985a5a32d80"
            },
            {
              "name": "FEDORA-2019-41e28660ae",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U6JNEWGIK7QA24OIUUL67QZNJN52NB7T/"
            },
            {
              "name": "20191108 [slackware-security] Slackware 14.2 kernel (SSA:2019-311-01)",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2019/Nov/11"
            },
            {
              "name": "http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html"
            },
            {
              "name": "USN-4185-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4185-1/"
            },
            {
              "name": "USN-4184-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4184-1/"
            },
            {
              "name": "USN-4186-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4186-1/"
            },
            {
              "name": "openSUSE-SU-2019:2503",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00035.html"
            },
            {
              "name": "openSUSE-SU-2019:2507",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00039.html"
            },
            {
              "name": "USN-4185-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4185-2/"
            },
            {
              "name": "USN-4186-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4186-2/"
            },
            {
              "name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html"
            },
            {
              "name": "[debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html"
            },
            {
              "name": "RHSA-2020:0790",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2020:0790"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-17055",
    "datePublished": "2019-10-01T13:10:41.000Z",
    "dateReserved": "2019-10-01T00:00:00.000Z",
    "dateUpdated": "2024-08-05T01:33:16.286Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-10751 (GCVE-0-2020-10751)

Vulnerability from cvelistv5 – Published: 2020-05-26 14:54 – Updated: 2024-08-04 11:14

Summary

A flaw was found in the Linux kernels SELinux LSM hook implementation before version 5.7, where it incorrectly assumed that an skb would only contain a single netlink message. The hook would incorrectly only validate the first netlink message in the skb and allow or deny the rest of the messages within the skb with the granted permission without further processing.

Severity ?

6.1 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

CWE

CWE-349

Assigner

redhat

References

URL

Tags

	http://www.openwall.com/lists/oss-security/2020/05/27/3	mailing-listx_refsource_MLIST
	https://lists.debian.org/debian-lts-announce/2020…	mailing-listx_refsource_MLIST
	https://lists.debian.org/debian-lts-announce/2020…	mailing-listx_refsource_MLIST
	https://lists.debian.org/debian-lts-announce/2020…	mailing-listx_refsource_MLIST
	https://www.debian.org/security/2020/dsa-4698	vendor-advisoryx_refsource_DEBIAN
	https://www.debian.org/security/2020/dsa-4699	vendor-advisoryx_refsource_DEBIAN
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	https://usn.ubuntu.com/4389-1/	vendor-advisoryx_refsource_UBUNTU
	https://usn.ubuntu.com/4390-1/	vendor-advisoryx_refsource_UBUNTU
	https://usn.ubuntu.com/4391-1/	vendor-advisoryx_refsource_UBUNTU
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	https://usn.ubuntu.com/4413-1/	vendor-advisoryx_refsource_UBUNTU
	https://usn.ubuntu.com/4412-1/	vendor-advisoryx_refsource_UBUNTU
	https://www.oracle.com/security-alerts/cpuApr2021.html	x_refsource_MISC
	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2…	x_refsource_CONFIRM
	https://git.kernel.org/pub/scm/linux/kernel/git/t…	x_refsource_CONFIRM
	https://www.openwall.com/lists/oss-security/2020/…	x_refsource_CONFIRM
	https://lore.kernel.org/selinux/CACT4Y+b8HiV6KFuA…	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	The Linux Foundation	kernel	Affected: before 5.7

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T11:14:15.560Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[oss-security] 20200527 CVE-2020-10751 - Linux kernel: SELinux netlink permission check bypass",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2020/05/27/3"
          },
          {
            "name": "[debian-lts-announce] 20200609 [SECURITY] [DLA 2241-1] linux security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html"
          },
          {
            "name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2242-1] linux-4.9 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html"
          },
          {
            "name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2241-2] linux security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html"
          },
          {
            "name": "DSA-4698",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2020/dsa-4698"
          },
          {
            "name": "DSA-4699",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2020/dsa-4699"
          },
          {
            "name": "openSUSE-SU-2020:0801",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html"
          },
          {
            "name": "USN-4389-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4389-1/"
          },
          {
            "name": "USN-4390-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4390-1/"
          },
          {
            "name": "USN-4391-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4391-1/"
          },
          {
            "name": "openSUSE-SU-2020:0935",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html"
          },
          {
            "name": "USN-4413-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4413-1/"
          },
          {
            "name": "USN-4412-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4412-1/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10751"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=fb73974172ffaaf57a7c42f35424d9aece1a5af6"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.openwall.com/lists/oss-security/2020/04/30/5"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://lore.kernel.org/selinux/CACT4Y+b8HiV6KFuAPysZD=5hmyO4QisgxCKi4DHU3CfMPSP=yg%40mail.gmail.com/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "kernel",
          "vendor": "The Linux Foundation",
          "versions": [
            {
              "status": "affected",
              "version": "before 5.7"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in the Linux kernels SELinux LSM hook implementation before version 5.7, where it incorrectly assumed that an skb would only contain a single netlink message. The hook would incorrectly only validate the first netlink message in the skb and allow or deny the rest of the messages within the skb with the granted permission without further processing."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-349",
              "description": "CWE-349",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-06-14T17:20:13.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "[oss-security] 20200527 CVE-2020-10751 - Linux kernel: SELinux netlink permission check bypass",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2020/05/27/3"
        },
        {
          "name": "[debian-lts-announce] 20200609 [SECURITY] [DLA 2241-1] linux security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html"
        },
        {
          "name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2242-1] linux-4.9 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html"
        },
        {
          "name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2241-2] linux security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html"
        },
        {
          "name": "DSA-4698",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2020/dsa-4698"
        },
        {
          "name": "DSA-4699",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2020/dsa-4699"
        },
        {
          "name": "openSUSE-SU-2020:0801",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html"
        },
        {
          "name": "USN-4389-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4389-1/"
        },
        {
          "name": "USN-4390-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4390-1/"
        },
        {
          "name": "USN-4391-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4391-1/"
        },
        {
          "name": "openSUSE-SU-2020:0935",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html"
        },
        {
          "name": "USN-4413-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4413-1/"
        },
        {
          "name": "USN-4412-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4412-1/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10751"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=fb73974172ffaaf57a7c42f35424d9aece1a5af6"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.openwall.com/lists/oss-security/2020/04/30/5"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://lore.kernel.org/selinux/CACT4Y+b8HiV6KFuAPysZD=5hmyO4QisgxCKi4DHU3CfMPSP=yg%40mail.gmail.com/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2020-10751",
    "datePublished": "2020-05-26T14:54:32.000Z",
    "dateReserved": "2020-03-20T00:00:00.000Z",
    "dateUpdated": "2024-08-04T11:14:15.560Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-12826 (GCVE-0-2020-12826)

Vulnerability from cvelistv5 – Published: 2020-05-12 18:58 – Updated: 2024-08-04 12:04

Summary

A signal access-control issue was discovered in the Linux kernel before 5.6.5, aka CID-7395ea4e65c2. Because exec_id in include/linux/sched.h is only 32 bits, an integer overflow can interfere with a do_notify_parent protection mechanism. A child process can send an arbitrary signal to a parent process in a different security domain. Exploitation limitations include the amount of elapsed time before an integer overflow occurs, and the lack of scenarios where signals to a parent process present a substantial operational threat.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	https://cdn.kernel.org/pub/linux/kernel/v5.x/Chan…	x_refsource_MISC
	https://www.openwall.com/lists/kernel-hardening/2…	x_refsource_MISC
	https://lists.openwall.net/linux-kernel/2020/03/24/1803	x_refsource_MISC
	https://github.com/torvalds/linux/commit/7395ea4e…	x_refsource_MISC
	https://bugzilla.redhat.com/show_bug.cgi?id=1822077	x_refsource_CONFIRM
	https://usn.ubuntu.com/4367-1/	vendor-advisoryx_refsource_UBUNTU
	https://usn.ubuntu.com/4369-1/	vendor-advisoryx_refsource_UBUNTU
	https://security.netapp.com/advisory/ntap-2020060…	x_refsource_CONFIRM
	https://lists.debian.org/debian-lts-announce/2020…	mailing-listx_refsource_MLIST
	https://lists.debian.org/debian-lts-announce/2020…	mailing-listx_refsource_MLIST
	https://usn.ubuntu.com/4391-1/	vendor-advisoryx_refsource_UBUNTU

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T12:04:22.878Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.6.5"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.openwall.com/lists/kernel-hardening/2020/03/25/1"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://lists.openwall.net/linux-kernel/2020/03/24/1803"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/torvalds/linux/commit/7395ea4e65c2a00d23185a3f63ad315756ba9cef"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1822077"
          },
          {
            "name": "USN-4367-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4367-1/"
          },
          {
            "name": "USN-4369-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4369-1/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20200608-0001/"
          },
          {
            "name": "[debian-lts-announce] 20200609 [SECURITY] [DLA 2241-1] linux security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html"
          },
          {
            "name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2241-2] linux security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html"
          },
          {
            "name": "USN-4391-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4391-1/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A signal access-control issue was discovered in the Linux kernel before 5.6.5, aka CID-7395ea4e65c2. Because exec_id in include/linux/sched.h is only 32 bits, an integer overflow can interfere with a do_notify_parent protection mechanism. A child process can send an arbitrary signal to a parent process in a different security domain. Exploitation limitations include the amount of elapsed time before an integer overflow occurs, and the lack of scenarios where signals to a parent process present a substantial operational threat."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-06-22T21:06:25.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.6.5"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.openwall.com/lists/kernel-hardening/2020/03/25/1"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://lists.openwall.net/linux-kernel/2020/03/24/1803"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/torvalds/linux/commit/7395ea4e65c2a00d23185a3f63ad315756ba9cef"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1822077"
        },
        {
          "name": "USN-4367-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4367-1/"
        },
        {
          "name": "USN-4369-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4369-1/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20200608-0001/"
        },
        {
          "name": "[debian-lts-announce] 20200609 [SECURITY] [DLA 2241-1] linux security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html"
        },
        {
          "name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2241-2] linux security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html"
        },
        {
          "name": "USN-4391-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4391-1/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-12826",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A signal access-control issue was discovered in the Linux kernel before 5.6.5, aka CID-7395ea4e65c2. Because exec_id in include/linux/sched.h is only 32 bits, an integer overflow can interfere with a do_notify_parent protection mechanism. A child process can send an arbitrary signal to a parent process in a different security domain. Exploitation limitations include the amount of elapsed time before an integer overflow occurs, and the lack of scenarios where signals to a parent process present a substantial operational threat."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.6.5",
              "refsource": "MISC",
              "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.6.5"
            },
            {
              "name": "https://www.openwall.com/lists/kernel-hardening/2020/03/25/1",
              "refsource": "MISC",
              "url": "https://www.openwall.com/lists/kernel-hardening/2020/03/25/1"
            },
            {
              "name": "https://lists.openwall.net/linux-kernel/2020/03/24/1803",
              "refsource": "MISC",
              "url": "https://lists.openwall.net/linux-kernel/2020/03/24/1803"
            },
            {
              "name": "https://github.com/torvalds/linux/commit/7395ea4e65c2a00d23185a3f63ad315756ba9cef",
              "refsource": "MISC",
              "url": "https://github.com/torvalds/linux/commit/7395ea4e65c2a00d23185a3f63ad315756ba9cef"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1822077",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1822077"
            },
            {
              "name": "USN-4367-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4367-1/"
            },
            {
              "name": "USN-4369-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4369-1/"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20200608-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20200608-0001/"
            },
            {
              "name": "[debian-lts-announce] 20200609 [SECURITY] [DLA 2241-1] linux security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html"
            },
            {
              "name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2241-2] linux security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html"
            },
            {
              "name": "USN-4391-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4391-1/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-12826",
    "datePublished": "2020-05-12T18:58:48.000Z",
    "dateReserved": "2020-05-12T00:00:00.000Z",
    "dateUpdated": "2024-08-04T12:04:22.878Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-15807 (GCVE-0-2019-15807)

Vulnerability from cvelistv5 – Published: 2019-08-29 17:32 – Updated: 2024-08-05 00:56

Summary

In the Linux kernel before 5.1.13, there is a memory leak in drivers/scsi/libsas/sas_expander.c when SAS expander discovery fails. This will cause a BUG and denial of service.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	https://cdn.kernel.org/pub/linux/kernel/v5.x/Chan…	x_refsource_MISC
	https://git.kernel.org/pub/scm/linux/kernel/git/t…	x_refsource_MISC
	https://lists.debian.org/debian-lts-announce/2019…	mailing-listx_refsource_MLIST
	https://lists.debian.org/debian-lts-announce/2019…	mailing-listx_refsource_MLIST
	https://lists.debian.org/debian-lts-announce/2019…	mailing-listx_refsource_MLIST
	https://security.netapp.com/advisory/ntap-2019100…	x_refsource_CONFIRM
	https://support.f5.com/csp/article/K52136304?utm_…	x_refsource_CONFIRM

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T00:56:22.756Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.13"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3b0541791453fbe7f42867e310e0c9eb6295364d"
          },
          {
            "name": "[debian-lts-announce] 20190914 [SECURITY] [DLA 1919-1] linux-4.9 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00014.html"
          },
          {
            "name": "[debian-lts-announce] 20190915 [SECURITY] [DLA 1919-2] linux-4.9 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00015.html"
          },
          {
            "name": "[debian-lts-announce] 20190925 [SECURITY] [DLA 1930-1] linux security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00025.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20191004-0001/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.f5.com/csp/article/K52136304?utm_source=f5support\u0026amp%3Butm_medium=RSS"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel before 5.1.13, there is a memory leak in drivers/scsi/libsas/sas_expander.c when SAS expander discovery fails. This will cause a BUG and denial of service."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-01-08T17:06:08.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.13"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3b0541791453fbe7f42867e310e0c9eb6295364d"
        },
        {
          "name": "[debian-lts-announce] 20190914 [SECURITY] [DLA 1919-1] linux-4.9 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00014.html"
        },
        {
          "name": "[debian-lts-announce] 20190915 [SECURITY] [DLA 1919-2] linux-4.9 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00015.html"
        },
        {
          "name": "[debian-lts-announce] 20190925 [SECURITY] [DLA 1930-1] linux security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00025.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20191004-0001/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.f5.com/csp/article/K52136304?utm_source=f5support\u0026amp%3Butm_medium=RSS"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-15807",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In the Linux kernel before 5.1.13, there is a memory leak in drivers/scsi/libsas/sas_expander.c when SAS expander discovery fails. This will cause a BUG and denial of service."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.13",
              "refsource": "MISC",
              "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.13"
            },
            {
              "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3b0541791453fbe7f42867e310e0c9eb6295364d",
              "refsource": "MISC",
              "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3b0541791453fbe7f42867e310e0c9eb6295364d"
            },
            {
              "name": "[debian-lts-announce] 20190914 [SECURITY] [DLA 1919-1] linux-4.9 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00014.html"
            },
            {
              "name": "[debian-lts-announce] 20190915 [SECURITY] [DLA 1919-2] linux-4.9 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00015.html"
            },
            {
              "name": "[debian-lts-announce] 20190925 [SECURITY] [DLA 1930-1] linux security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00025.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20191004-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20191004-0001/"
            },
            {
              "name": "https://support.f5.com/csp/article/K52136304?utm_source=f5support\u0026amp;utm_medium=RSS",
              "refsource": "CONFIRM",
              "url": "https://support.f5.com/csp/article/K52136304?utm_source=f5support\u0026amp;utm_medium=RSS"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-15807",
    "datePublished": "2019-08-29T17:32:06.000Z",
    "dateReserved": "2019-08-29T00:00:00.000Z",
    "dateUpdated": "2024-08-05T00:56:22.756Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-9454 (GCVE-0-2019-9454)

Vulnerability from cvelistv5 – Published: 2019-09-06 21:48 – Updated: 2024-08-04 21:46

Summary

In the Android kernel in i2c driver there is a possible out of bounds write due to memory corruption. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Severity ?

No CVSS data available.

CWE

Elevation of privilege

Assigner

google_android

References

URL

Tags

https://source.android.com/security/bulletin/pixe…

x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	Android	Affected: Android kernel

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T21:46:30.482Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://source.android.com/security/bulletin/pixel/2019-09-01"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Android",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Android kernel"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Android kernel in i2c driver there is a possible out of bounds write due to memory corruption. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Elevation of privilege",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-09-06T21:48:59.000Z",
        "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
        "shortName": "google_android"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://source.android.com/security/bulletin/pixel/2019-09-01"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@android.com",
          "ID": "CVE-2019-9454",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Android",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Android kernel"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In the Android kernel in i2c driver there is a possible out of bounds write due to memory corruption. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Elevation of privilege"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://source.android.com/security/bulletin/pixel/2019-09-01",
              "refsource": "MISC",
              "url": "https://source.android.com/security/bulletin/pixel/2019-09-01"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
    "assignerShortName": "google_android",
    "cveId": "CVE-2019-9454",
    "datePublished": "2019-09-06T21:48:59.000Z",
    "dateReserved": "2019-02-28T00:00:00.000Z",
    "dateUpdated": "2024-08-04T21:46:30.482Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-17053 (GCVE-0-2019-17053)

Vulnerability from cvelistv5 – Published: 2019-10-01 13:11 – Updated: 2024-08-05 01:33

Summary

ieee802154_create in net/ieee802154/socket.c in the AF_IEEE802154 network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-e69dbd4619e7.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	https://git.kernel.org/pub/scm/linux/kernel/git/t…	x_refsource_MISC
	https://git.kernel.org/pub/scm/linux/kernel/git/t…	x_refsource_MISC
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
	https://seclists.org/bugtraq/2019/Nov/11	mailing-listx_refsource_BUGTRAQ
	http://packetstormsecurity.com/files/155212/Slack…	x_refsource_MISC
	https://usn.ubuntu.com/4185-1/	vendor-advisoryx_refsource_UBUNTU
	https://usn.ubuntu.com/4184-1/	vendor-advisoryx_refsource_UBUNTU
	https://usn.ubuntu.com/4186-1/	vendor-advisoryx_refsource_UBUNTU
	https://usn.ubuntu.com/4185-2/	vendor-advisoryx_refsource_UBUNTU
	https://usn.ubuntu.com/4186-2/	vendor-advisoryx_refsource_UBUNTU
	https://lists.debian.org/debian-lts-announce/2020…	mailing-listx_refsource_MLIST
	https://lists.debian.org/debian-lts-announce/2020…	mailing-listx_refsource_MLIST

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T01:33:15.776Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0edc3f703f7bcaf550774b5d43ab727bcd0fe06b"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e69dbd4619e7674c1679cba49afd9dd9ac347eef"
          },
          {
            "name": "FEDORA-2019-41e28660ae",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U6JNEWGIK7QA24OIUUL67QZNJN52NB7T/"
          },
          {
            "name": "20191108 [slackware-security] Slackware 14.2 kernel (SSA:2019-311-01)",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2019/Nov/11"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html"
          },
          {
            "name": "USN-4185-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4185-1/"
          },
          {
            "name": "USN-4184-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4184-1/"
          },
          {
            "name": "USN-4186-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4186-1/"
          },
          {
            "name": "USN-4185-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4185-2/"
          },
          {
            "name": "USN-4186-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4186-2/"
          },
          {
            "name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html"
          },
          {
            "name": "[debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "ieee802154_create in net/ieee802154/socket.c in the AF_IEEE802154 network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-e69dbd4619e7."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-03-02T19:06:58.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0edc3f703f7bcaf550774b5d43ab727bcd0fe06b"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e69dbd4619e7674c1679cba49afd9dd9ac347eef"
        },
        {
          "name": "FEDORA-2019-41e28660ae",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U6JNEWGIK7QA24OIUUL67QZNJN52NB7T/"
        },
        {
          "name": "20191108 [slackware-security] Slackware 14.2 kernel (SSA:2019-311-01)",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2019/Nov/11"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html"
        },
        {
          "name": "USN-4185-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4185-1/"
        },
        {
          "name": "USN-4184-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4184-1/"
        },
        {
          "name": "USN-4186-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4186-1/"
        },
        {
          "name": "USN-4185-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4185-2/"
        },
        {
          "name": "USN-4186-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4186-2/"
        },
        {
          "name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html"
        },
        {
          "name": "[debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-17053",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "ieee802154_create in net/ieee802154/socket.c in the AF_IEEE802154 network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-e69dbd4619e7."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0edc3f703f7bcaf550774b5d43ab727bcd0fe06b",
              "refsource": "MISC",
              "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0edc3f703f7bcaf550774b5d43ab727bcd0fe06b"
            },
            {
              "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e69dbd4619e7674c1679cba49afd9dd9ac347eef",
              "refsource": "MISC",
              "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e69dbd4619e7674c1679cba49afd9dd9ac347eef"
            },
            {
              "name": "FEDORA-2019-41e28660ae",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U6JNEWGIK7QA24OIUUL67QZNJN52NB7T/"
            },
            {
              "name": "20191108 [slackware-security] Slackware 14.2 kernel (SSA:2019-311-01)",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2019/Nov/11"
            },
            {
              "name": "http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html"
            },
            {
              "name": "USN-4185-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4185-1/"
            },
            {
              "name": "USN-4184-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4184-1/"
            },
            {
              "name": "USN-4186-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4186-1/"
            },
            {
              "name": "USN-4185-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4185-2/"
            },
            {
              "name": "USN-4186-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4186-2/"
            },
            {
              "name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html"
            },
            {
              "name": "[debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-17053",
    "datePublished": "2019-10-01T13:11:31.000Z",
    "dateReserved": "2019-10-01T00:00:00.000Z",
    "dateUpdated": "2024-08-05T01:33:15.776Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-20836 (GCVE-0-2018-20836)

Vulnerability from cvelistv5 – Published: 2019-05-07 13:04 – Updated: 2024-08-05 12:12

Summary

An issue was discovered in the Linux kernel before 4.20. There is a race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c, leading to a use-after-free.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	https://github.com/torvalds/linux/commit/b90cd6f2…	x_refsource_MISC
	https://git.kernel.org/cgit/linux/kernel/git/torv…	x_refsource_MISC
	http://www.securityfocus.com/bid/108196	vdb-entryx_refsource_BID
	https://support.f5.com/csp/article/K11225249	x_refsource_CONFIRM
	https://security.netapp.com/advisory/ntap-2019071…	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	https://usn.ubuntu.com/4076-1/	vendor-advisoryx_refsource_UBUNTU
	https://www.debian.org/security/2019/dsa-4495	vendor-advisoryx_refsource_DEBIAN
	https://seclists.org/bugtraq/2019/Aug/13	mailing-listx_refsource_BUGTRAQ
	https://seclists.org/bugtraq/2019/Aug/18	mailing-listx_refsource_BUGTRAQ
	https://www.debian.org/security/2019/dsa-4497	vendor-advisoryx_refsource_DEBIAN
	https://lists.debian.org/debian-lts-announce/2019…	mailing-listx_refsource_MLIST
	https://lists.debian.org/debian-lts-announce/2019…	mailing-listx_refsource_MLIST

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T12:12:27.403Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/torvalds/linux/commit/b90cd6f2b905905fb42671009dc0e27c310a16ae"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b90cd6f2b905905fb42671009dc0e27c310a16ae"
          },
          {
            "name": "108196",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/108196"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.f5.com/csp/article/K11225249"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20190719-0003/"
          },
          {
            "name": "openSUSE-SU-2019:1716",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00014.html"
          },
          {
            "name": "openSUSE-SU-2019:1757",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00025.html"
          },
          {
            "name": "USN-4076-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4076-1/"
          },
          {
            "name": "DSA-4495",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2019/dsa-4495"
          },
          {
            "name": "20190812 [SECURITY] [DSA 4495-1] linux security update",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2019/Aug/13"
          },
          {
            "name": "20190813 [SECURITY] [DSA 4497-1] linux security update",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2019/Aug/18"
          },
          {
            "name": "DSA-4497",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2019/dsa-4497"
          },
          {
            "name": "[debian-lts-announce] 20190814 [SECURITY] [DLA 1884-1] linux security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00016.html"
          },
          {
            "name": "[debian-lts-announce] 20190814 [SECURITY] [DLA 1885-1] linux-4.9 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00017.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in the Linux kernel before 4.20. There is a race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c, leading to a use-after-free."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-08-14T13:06:09.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/torvalds/linux/commit/b90cd6f2b905905fb42671009dc0e27c310a16ae"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b90cd6f2b905905fb42671009dc0e27c310a16ae"
        },
        {
          "name": "108196",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/108196"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.f5.com/csp/article/K11225249"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20190719-0003/"
        },
        {
          "name": "openSUSE-SU-2019:1716",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00014.html"
        },
        {
          "name": "openSUSE-SU-2019:1757",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00025.html"
        },
        {
          "name": "USN-4076-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4076-1/"
        },
        {
          "name": "DSA-4495",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2019/dsa-4495"
        },
        {
          "name": "20190812 [SECURITY] [DSA 4495-1] linux security update",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2019/Aug/13"
        },
        {
          "name": "20190813 [SECURITY] [DSA 4497-1] linux security update",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2019/Aug/18"
        },
        {
          "name": "DSA-4497",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2019/dsa-4497"
        },
        {
          "name": "[debian-lts-announce] 20190814 [SECURITY] [DLA 1884-1] linux security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00016.html"
        },
        {
          "name": "[debian-lts-announce] 20190814 [SECURITY] [DLA 1885-1] linux-4.9 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00017.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-20836",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in the Linux kernel before 4.20. There is a race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c, leading to a use-after-free."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/torvalds/linux/commit/b90cd6f2b905905fb42671009dc0e27c310a16ae",
              "refsource": "MISC",
              "url": "https://github.com/torvalds/linux/commit/b90cd6f2b905905fb42671009dc0e27c310a16ae"
            },
            {
              "name": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b90cd6f2b905905fb42671009dc0e27c310a16ae",
              "refsource": "MISC",
              "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b90cd6f2b905905fb42671009dc0e27c310a16ae"
            },
            {
              "name": "108196",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/108196"
            },
            {
              "name": "https://support.f5.com/csp/article/K11225249",
              "refsource": "CONFIRM",
              "url": "https://support.f5.com/csp/article/K11225249"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20190719-0003/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20190719-0003/"
            },
            {
              "name": "openSUSE-SU-2019:1716",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00014.html"
            },
            {
              "name": "openSUSE-SU-2019:1757",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00025.html"
            },
            {
              "name": "USN-4076-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4076-1/"
            },
            {
              "name": "DSA-4495",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2019/dsa-4495"
            },
            {
              "name": "20190812 [SECURITY] [DSA 4495-1] linux security update",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2019/Aug/13"
            },
            {
              "name": "20190813 [SECURITY] [DSA 4497-1] linux security update",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2019/Aug/18"
            },
            {
              "name": "DSA-4497",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2019/dsa-4497"
            },
            {
              "name": "[debian-lts-announce] 20190814 [SECURITY] [DLA 1884-1] linux security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00016.html"
            },
            {
              "name": "[debian-lts-announce] 20190814 [SECURITY] [DLA 1885-1] linux-4.9 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00017.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-20836",
    "datePublished": "2019-05-07T13:04:44.000Z",
    "dateReserved": "2019-05-07T00:00:00.000Z",
    "dateUpdated": "2024-08-05T12:12:27.403Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-10732 (GCVE-0-2020-10732)

Vulnerability from cvelistv5 – Published: 2020-06-12 00:00 – Updated: 2024-08-04 11:14

Summary

A flaw was found in the Linux kernel's implementation of Userspace core dumps. This flaw allows an attacker with a local account to crash a trivial program and exfiltrate private kernel data.

Severity ?

3.3 (Low)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CWE

CWE-908

Assigner

redhat

References

URL

Tags

	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisory
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisory
	https://usn.ubuntu.com/4411-1/	vendor-advisory
	https://usn.ubuntu.com/4427-1/	vendor-advisory
	https://usn.ubuntu.com/4439-1/	vendor-advisory
	https://usn.ubuntu.com/4440-1/	vendor-advisory
	https://usn.ubuntu.com/4485-1/	vendor-advisory
	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2…
	https://git.kernel.org/pub/scm/linux/kernel/git/n…
	https://github.com/ruscur/linux/commit/a95cdec9fa…
	https://github.com/google/kmsan/issues/76
	https://twitter.com/grsecurity/status/12525580556…
	https://lore.kernel.org/lkml/CAG_fn=VZZ7yUxtOGzuT…
	https://security.netapp.com/advisory/ntap-2021012…

Impacted products

	Vendor	Product	Version
	Linux kernel	kernel	Affected: introduced in commit 4206d3aa1978e44f58bfa4e1c9d8d35cbf19c187

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T11:14:14.998Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "openSUSE-SU-2020:0801",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html"
          },
          {
            "name": "openSUSE-SU-2020:0935",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html"
          },
          {
            "name": "USN-4411-1",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4411-1/"
          },
          {
            "name": "USN-4427-1",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4427-1/"
          },
          {
            "name": "USN-4439-1",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4439-1/"
          },
          {
            "name": "USN-4440-1",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4440-1/"
          },
          {
            "name": "USN-4485-1",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4485-1/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10732"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=aca969cacf07f41070d788ce2b8ca71f09d5207d"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/ruscur/linux/commit/a95cdec9fa0c08e6eeb410d461c03af8fd1fef0a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/google/kmsan/issues/76"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://twitter.com/grsecurity/status/1252558055629299712"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lore.kernel.org/lkml/CAG_fn=VZZ7yUxtOGzuTLkr7wmfXWtKK9BHHYawj=rt9XWnCYvg%40mail.gmail.com/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20210129-0005/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "kernel",
          "vendor": "Linux kernel",
          "versions": [
            {
              "status": "affected",
              "version": "introduced in commit 4206d3aa1978e44f58bfa4e1c9d8d35cbf19c187"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in the Linux kernel\u0027s implementation of Userspace core dumps. This flaw allows an attacker with a local account to crash a trivial program and exfiltrate private kernel data."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-908",
              "description": "CWE-908",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-10-07T00:00:00.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "openSUSE-SU-2020:0801",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html"
        },
        {
          "name": "openSUSE-SU-2020:0935",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html"
        },
        {
          "name": "USN-4411-1",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://usn.ubuntu.com/4411-1/"
        },
        {
          "name": "USN-4427-1",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://usn.ubuntu.com/4427-1/"
        },
        {
          "name": "USN-4439-1",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://usn.ubuntu.com/4439-1/"
        },
        {
          "name": "USN-4440-1",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://usn.ubuntu.com/4440-1/"
        },
        {
          "name": "USN-4485-1",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://usn.ubuntu.com/4485-1/"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10732"
        },
        {
          "url": "https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=aca969cacf07f41070d788ce2b8ca71f09d5207d"
        },
        {
          "url": "https://github.com/ruscur/linux/commit/a95cdec9fa0c08e6eeb410d461c03af8fd1fef0a"
        },
        {
          "url": "https://github.com/google/kmsan/issues/76"
        },
        {
          "url": "https://twitter.com/grsecurity/status/1252558055629299712"
        },
        {
          "url": "https://lore.kernel.org/lkml/CAG_fn=VZZ7yUxtOGzuTLkr7wmfXWtKK9BHHYawj=rt9XWnCYvg%40mail.gmail.com/"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20210129-0005/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2020-10732",
    "datePublished": "2020-06-12T00:00:00.000Z",
    "dateReserved": "2020-03-20T00:00:00.000Z",
    "dateUpdated": "2024-08-04T11:14:14.998Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-16231 (GCVE-0-2019-16231)

Vulnerability from cvelistv5 – Published: 2019-09-11 15:30 – Updated: 2024-08-05 01:10

Summary

drivers/net/fjes/fjes_main.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	https://lkml.org/lkml/2019/9/9/487	x_refsource_MISC
	https://security.netapp.com/advisory/ntap-2019100…	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	https://usn.ubuntu.com/4227-1/	vendor-advisoryx_refsource_UBUNTU
	https://usn.ubuntu.com/4226-1/	vendor-advisoryx_refsource_UBUNTU
	https://usn.ubuntu.com/4225-1/	vendor-advisoryx_refsource_UBUNTU
	https://usn.ubuntu.com/4227-2/	vendor-advisoryx_refsource_UBUNTU
	https://usn.ubuntu.com/4225-2/	vendor-advisoryx_refsource_UBUNTU

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T01:10:41.646Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://lkml.org/lkml/2019/9/9/487"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20191004-0001/"
          },
          {
            "name": "openSUSE-SU-2019:2503",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00035.html"
          },
          {
            "name": "openSUSE-SU-2019:2507",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00039.html"
          },
          {
            "name": "USN-4227-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4227-1/"
          },
          {
            "name": "USN-4226-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4226-1/"
          },
          {
            "name": "USN-4225-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4225-1/"
          },
          {
            "name": "USN-4227-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4227-2/"
          },
          {
            "name": "USN-4225-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4225-2/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "drivers/net/fjes/fjes_main.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-01-23T17:05:59.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://lkml.org/lkml/2019/9/9/487"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20191004-0001/"
        },
        {
          "name": "openSUSE-SU-2019:2503",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00035.html"
        },
        {
          "name": "openSUSE-SU-2019:2507",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00039.html"
        },
        {
          "name": "USN-4227-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4227-1/"
        },
        {
          "name": "USN-4226-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4226-1/"
        },
        {
          "name": "USN-4225-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4225-1/"
        },
        {
          "name": "USN-4227-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4227-2/"
        },
        {
          "name": "USN-4225-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4225-2/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-16231",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "drivers/net/fjes/fjes_main.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://lkml.org/lkml/2019/9/9/487",
              "refsource": "MISC",
              "url": "https://lkml.org/lkml/2019/9/9/487"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20191004-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20191004-0001/"
            },
            {
              "name": "openSUSE-SU-2019:2503",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00035.html"
            },
            {
              "name": "openSUSE-SU-2019:2507",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00039.html"
            },
            {
              "name": "USN-4227-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4227-1/"
            },
            {
              "name": "USN-4226-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4226-1/"
            },
            {
              "name": "USN-4225-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4225-1/"
            },
            {
              "name": "USN-4227-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4227-2/"
            },
            {
              "name": "USN-4225-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4225-2/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-16231",
    "datePublished": "2019-09-11T15:30:23.000Z",
    "dateReserved": "2019-09-11T00:00:00.000Z",
    "dateUpdated": "2024-08-05T01:10:41.646Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-19537 (GCVE-0-2019-19537)

Vulnerability from cvelistv5 – Published: 2019-12-03 15:38 – Updated: 2024-08-05 02:16

Summary

In the Linux kernel before 5.2.10, there is a race condition bug that can be caused by a malicious USB device in the USB character device driver layer, aka CID-303911cfc5b9. This affects drivers/usb/core/file.c.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	https://cdn.kernel.org/pub/linux/kernel/v5.x/Chan…	x_refsource_MISC
	https://git.kernel.org/pub/scm/linux/kernel/git/t…	x_refsource_MISC
	http://www.openwall.com/lists/oss-security/2019/12/03/4	mailing-listx_refsource_MLIST
	https://lists.debian.org/debian-lts-announce/2020…	mailing-listx_refsource_MLIST
	https://lists.debian.org/debian-lts-announce/2020…	mailing-listx_refsource_MLIST
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T02:16:48.462Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2.10"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=303911cfc5b95d33687d9046133ff184cf5043ff"
          },
          {
            "name": "[oss-security] 20191203 Linux kernel: multiple vulnerabilities in the USB subsystem x3",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2019/12/03/4"
          },
          {
            "name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html"
          },
          {
            "name": "[debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html"
          },
          {
            "name": "openSUSE-SU-2020:0336",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel before 5.2.10, there is a race condition bug that can be caused by a malicious USB device in the USB character device driver layer, aka CID-303911cfc5b9. This affects drivers/usb/core/file.c."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-03-13T13:06:07.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2.10"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=303911cfc5b95d33687d9046133ff184cf5043ff"
        },
        {
          "name": "[oss-security] 20191203 Linux kernel: multiple vulnerabilities in the USB subsystem x3",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2019/12/03/4"
        },
        {
          "name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html"
        },
        {
          "name": "[debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html"
        },
        {
          "name": "openSUSE-SU-2020:0336",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-19537",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In the Linux kernel before 5.2.10, there is a race condition bug that can be caused by a malicious USB device in the USB character device driver layer, aka CID-303911cfc5b9. This affects drivers/usb/core/file.c."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2.10",
              "refsource": "MISC",
              "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2.10"
            },
            {
              "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=303911cfc5b95d33687d9046133ff184cf5043ff",
              "refsource": "MISC",
              "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=303911cfc5b95d33687d9046133ff184cf5043ff"
            },
            {
              "name": "[oss-security] 20191203 Linux kernel: multiple vulnerabilities in the USB subsystem x3",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2019/12/03/4"
            },
            {
              "name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html"
            },
            {
              "name": "[debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html"
            },
            {
              "name": "openSUSE-SU-2020:0336",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-19537",
    "datePublished": "2019-12-03T15:38:08.000Z",
    "dateReserved": "2019-12-03T00:00:00.000Z",
    "dateUpdated": "2024-08-05T02:16:48.462Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-8649 (GCVE-0-2020-8649)

Vulnerability from cvelistv5 – Published: 2020-02-06 00:06 – Updated: 2024-08-04 10:03

Summary

There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vgacon_invert_region function in drivers/video/console/vgacon.c.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	https://bugzilla.kernel.org/show_bug.cgi?id=206357	x_refsource_MISC
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	https://lists.debian.org/debian-lts-announce/2020…	mailing-listx_refsource_MLIST
	https://lists.debian.org/debian-lts-announce/2020…	mailing-listx_refsource_MLIST
	https://lists.debian.org/debian-lts-announce/2020…	mailing-listx_refsource_MLIST
	https://www.debian.org/security/2020/dsa-4698	vendor-advisoryx_refsource_DEBIAN

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T10:03:46.293Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.kernel.org/show_bug.cgi?id=206357"
          },
          {
            "name": "openSUSE-SU-2020:0388",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00039.html"
          },
          {
            "name": "[debian-lts-announce] 20200609 [SECURITY] [DLA 2241-1] linux security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html"
          },
          {
            "name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2242-1] linux-4.9 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html"
          },
          {
            "name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2241-2] linux security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html"
          },
          {
            "name": "DSA-4698",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2020/dsa-4698"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vgacon_invert_region function in drivers/video/console/vgacon.c."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-06-10T19:06:20.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.kernel.org/show_bug.cgi?id=206357"
        },
        {
          "name": "openSUSE-SU-2020:0388",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00039.html"
        },
        {
          "name": "[debian-lts-announce] 20200609 [SECURITY] [DLA 2241-1] linux security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html"
        },
        {
          "name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2242-1] linux-4.9 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html"
        },
        {
          "name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2241-2] linux security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html"
        },
        {
          "name": "DSA-4698",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2020/dsa-4698"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-8649",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vgacon_invert_region function in drivers/video/console/vgacon.c."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugzilla.kernel.org/show_bug.cgi?id=206357",
              "refsource": "MISC",
              "url": "https://bugzilla.kernel.org/show_bug.cgi?id=206357"
            },
            {
              "name": "openSUSE-SU-2020:0388",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00039.html"
            },
            {
              "name": "[debian-lts-announce] 20200609 [SECURITY] [DLA 2241-1] linux security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html"
            },
            {
              "name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2242-1] linux-4.9 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html"
            },
            {
              "name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2241-2] linux security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html"
            },
            {
              "name": "DSA-4698",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2020/dsa-4698"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-8649",
    "datePublished": "2020-02-06T00:06:25.000Z",
    "dateReserved": "2020-02-06T00:00:00.000Z",
    "dateUpdated": "2024-08-04T10:03:46.293Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-2732 (GCVE-0-2020-2732)

Vulnerability from cvelistv5 – Published: 2020-04-08 21:10 – Updated: 2024-09-30 15:47

Summary

A flaw was discovered in the way that the KVM hypervisor handled instruction emulation for an L2 guest when nested virtualisation is enabled. Under some circumstances, an L2 guest may trick the L0 guest into accessing sensitive L1 resources that should be inaccessible to the L2 guest.

Severity ?

5.8 (Medium)


                        
                          CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

CWE

Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise Linux server. Successful attacks of this vulnerability can result in authorized ability to cause a hang or frequently repeatable crash (complete DOS) of Linux Server.

Assigner

oracle

References

URL

Tags

	https://www.openwall.com/lists/oss-security/2020/…	x_refsource_MISC
	https://www.spinics.net/lists/kvm/msg208259.html	x_refsource_MISC
	https://git.kernel.org/linus/07721feee46b4b248402…	x_refsource_MISC
	https://git.kernel.org/linus/35a571346a94fb93b5b3…	x_refsource_MISC
	https://git.kernel.org/linus/e71237d3ff1abf9f3388…	x_refsource_MISC
	https://bugzilla.redhat.com/show_bug.cgi?id=1805135	x_refsource_MISC
	https://linux.oracle.com/errata/ELSA-2020-5540.html	x_refsource_MISC
	https://linux.oracle.com/errata/ELSA-2020-5542.html	x_refsource_MISC
	https://linux.oracle.com/errata/ELSA-2020-5543.html	x_refsource_MISC
	https://www.debian.org/security/2020/dsa-4667	vendor-advisoryx_refsource_DEBIAN
	https://lists.debian.org/debian-lts-announce/2020…	mailing-listx_refsource_MLIST
	https://lists.debian.org/debian-lts-announce/2020…	mailing-listx_refsource_MLIST
	https://lists.debian.org/debian-lts-announce/2020…	mailing-listx_refsource_MLIST
	https://www.debian.org/security/2020/dsa-4698	vendor-advisoryx_refsource_DEBIAN

Impacted products

	Vendor	Product	Version
	Oracle Corporation	Oracle Linux	Affected: 7 Affected: 6

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T07:17:02.148Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.openwall.com/lists/oss-security/2020/02/25/3"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.spinics.net/lists/kvm/msg208259.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://git.kernel.org/linus/07721feee46b4b248402133228235318199b05ec"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://git.kernel.org/linus/35a571346a94fb93b5b3b6a599675ef3384bc75c"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://git.kernel.org/linus/e71237d3ff1abf9f3388337cfebf53b96df2020d"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805135"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://linux.oracle.com/errata/ELSA-2020-5540.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://linux.oracle.com/errata/ELSA-2020-5542.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://linux.oracle.com/errata/ELSA-2020-5543.html"
          },
          {
            "name": "DSA-4667",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2020/dsa-4667"
          },
          {
            "name": "[debian-lts-announce] 20200609 [SECURITY] [DLA 2241-1] linux security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html"
          },
          {
            "name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2242-1] linux-4.9 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html"
          },
          {
            "name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2241-2] linux security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html"
          },
          {
            "name": "DSA-4698",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2020/dsa-4698"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2020-2732",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-30T15:00:48.809812Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-30T15:47:44.316Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Oracle Linux",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "7"
            },
            {
              "status": "affected",
              "version": "6"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was discovered in the way that the KVM hypervisor handled instruction emulation for an L2 guest when nested virtualisation is enabled. Under some circumstances, an L2 guest may trick the L0 guest into accessing sensitive L1 resources that should be inaccessible to the L2 guest."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise Linux server.  Successful attacks of this vulnerability can result in authorized ability to cause a hang or frequently repeatable crash (complete DOS) of Linux Server.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-06-10T19:06:29.000Z",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.openwall.com/lists/oss-security/2020/02/25/3"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.spinics.net/lists/kvm/msg208259.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://git.kernel.org/linus/07721feee46b4b248402133228235318199b05ec"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://git.kernel.org/linus/35a571346a94fb93b5b3b6a599675ef3384bc75c"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://git.kernel.org/linus/e71237d3ff1abf9f3388337cfebf53b96df2020d"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805135"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://linux.oracle.com/errata/ELSA-2020-5540.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://linux.oracle.com/errata/ELSA-2020-5542.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://linux.oracle.com/errata/ELSA-2020-5543.html"
        },
        {
          "name": "DSA-4667",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2020/dsa-4667"
        },
        {
          "name": "[debian-lts-announce] 20200609 [SECURITY] [DLA 2241-1] linux security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html"
        },
        {
          "name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2242-1] linux-4.9 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html"
        },
        {
          "name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2241-2] linux security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html"
        },
        {
          "name": "DSA-4698",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2020/dsa-4698"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2020-2732",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Oracle Linux",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "7"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "6"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Oracle Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A flaw was discovered in the way that the KVM hypervisor handled instruction emulation for an L2 guest when nested virtualisation is enabled. Under some circumstances, an L2 guest may trick the L0 guest into accessing sensitive L1 resources that should be inaccessible to the L2 guest."
            }
          ]
        },
        "impact": {
          "cvss": {
            "baseScore": "5.8",
            "vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise Linux server.  Successful attacks of this vulnerability can result in authorized ability to cause a hang or frequently repeatable crash (complete DOS) of Linux Server."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.openwall.com/lists/oss-security/2020/02/25/3",
              "refsource": "MISC",
              "url": "https://www.openwall.com/lists/oss-security/2020/02/25/3"
            },
            {
              "name": "https://www.spinics.net/lists/kvm/msg208259.html",
              "refsource": "MISC",
              "url": "https://www.spinics.net/lists/kvm/msg208259.html"
            },
            {
              "name": "https://git.kernel.org/linus/07721feee46b4b248402133228235318199b05ec",
              "refsource": "MISC",
              "url": "https://git.kernel.org/linus/07721feee46b4b248402133228235318199b05ec"
            },
            {
              "name": "https://git.kernel.org/linus/35a571346a94fb93b5b3b6a599675ef3384bc75c",
              "refsource": "MISC",
              "url": "https://git.kernel.org/linus/35a571346a94fb93b5b3b6a599675ef3384bc75c"
            },
            {
              "name": "https://git.kernel.org/linus/e71237d3ff1abf9f3388337cfebf53b96df2020d",
              "refsource": "MISC",
              "url": "https://git.kernel.org/linus/e71237d3ff1abf9f3388337cfebf53b96df2020d"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1805135",
              "refsource": "MISC",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805135"
            },
            {
              "name": "https://linux.oracle.com/errata/ELSA-2020-5540.html",
              "refsource": "MISC",
              "url": "https://linux.oracle.com/errata/ELSA-2020-5540.html"
            },
            {
              "name": "https://linux.oracle.com/errata/ELSA-2020-5542.html",
              "refsource": "MISC",
              "url": "https://linux.oracle.com/errata/ELSA-2020-5542.html"
            },
            {
              "name": "https://linux.oracle.com/errata/ELSA-2020-5543.html",
              "refsource": "MISC",
              "url": "https://linux.oracle.com/errata/ELSA-2020-5543.html"
            },
            {
              "name": "DSA-4667",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2020/dsa-4667"
            },
            {
              "name": "[debian-lts-announce] 20200609 [SECURITY] [DLA 2241-1] linux security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html"
            },
            {
              "name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2242-1] linux-4.9 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html"
            },
            {
              "name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2241-2] linux security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html"
            },
            {
              "name": "DSA-4698",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2020/dsa-4698"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2020-2732",
    "datePublished": "2020-04-08T21:10:14.000Z",
    "dateReserved": "2019-12-10T00:00:00.000Z",
    "dateUpdated": "2024-09-30T15:47:44.316Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-14305 (GCVE-0-2020-14305)

Vulnerability from cvelistv5 – Published: 2020-12-02 00:48 – Updated: 2024-08-04 12:39

Summary

Severity ?

No CVSS data available.

CWE

CWE-787

Assigner

redhat

References

URL

Tags

	https://bugzilla.redhat.com/show_bug.cgi?id=1850716	x_refsource_MISC
	https://bugs.openvz.org/browse/OVZ-7188	x_refsource_MISC
	https://patchwork.ozlabs.org/project/netfilter-de…	x_refsource_MISC
	https://security.netapp.com/advisory/ntap-2020121…	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	kernel	Affected: kernel 4.12-rc1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T12:39:36.220Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1850716"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugs.openvz.org/browse/OVZ-7188"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://patchwork.ozlabs.org/project/netfilter-devel/patch/c2385b5c-309c-cc64-2e10-a0ef62897502%40virtuozzo.com/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20201210-0004/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "kernel",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "kernel 4.12-rc1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An out-of-bounds memory write flaw was found in how the Linux kernel\u2019s Voice Over IP H.323 connection tracking functionality handled connections on ipv6 port 1720. This flaw allows an unauthenticated remote user to crash the system, causing a denial of service. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-787",
              "description": "CWE-787",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-12-10T11:06:08.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1850716"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugs.openvz.org/browse/OVZ-7188"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://patchwork.ozlabs.org/project/netfilter-devel/patch/c2385b5c-309c-cc64-2e10-a0ef62897502%40virtuozzo.com/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20201210-0004/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2020-14305",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "kernel",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "kernel 4.12-rc1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An out-of-bounds memory write flaw was found in how the Linux kernel\u2019s Voice Over IP H.323 connection tracking functionality handled connections on ipv6 port 1720. This flaw allows an unauthenticated remote user to crash the system, causing a denial of service. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-787"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1850716",
              "refsource": "MISC",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1850716"
            },
            {
              "name": "https://bugs.openvz.org/browse/OVZ-7188",
              "refsource": "MISC",
              "url": "https://bugs.openvz.org/browse/OVZ-7188"
            },
            {
              "name": "https://patchwork.ozlabs.org/project/netfilter-devel/patch/c2385b5c-309c-cc64-2e10-a0ef62897502@virtuozzo.com/",
              "refsource": "MISC",
              "url": "https://patchwork.ozlabs.org/project/netfilter-devel/patch/c2385b5c-309c-cc64-2e10-a0ef62897502@virtuozzo.com/"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20201210-0004/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20201210-0004/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2020-14305",
    "datePublished": "2020-12-02T00:48:25.000Z",
    "dateReserved": "2020-06-17T00:00:00.000Z",
    "dateUpdated": "2024-08-04T12:39:36.220Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-19062 (GCVE-0-2019-19062)

Vulnerability from cvelistv5 – Published: 2019-11-18 05:24 – Updated: 2024-08-05 02:09

Summary

A memory leak in the crypto_report() function in crypto/crypto_user_base.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering crypto_report_alg() failures, aka CID-ffdde5932042.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	https://github.com/torvalds/linux/commit/ffdde593…	x_refsource_MISC
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
	https://security.netapp.com/advisory/ntap-2019120…	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	https://seclists.org/bugtraq/2020/Jan/10	mailing-listx_refsource_BUGTRAQ
	http://packetstormsecurity.com/files/155890/Slack…	x_refsource_MISC
	https://lists.debian.org/debian-lts-announce/2020…	mailing-listx_refsource_MLIST
	https://usn.ubuntu.com/4254-1/	vendor-advisoryx_refsource_UBUNTU
	https://usn.ubuntu.com/4254-2/	vendor-advisoryx_refsource_UBUNTU
	https://usn.ubuntu.com/4258-1/	vendor-advisoryx_refsource_UBUNTU
	https://usn.ubuntu.com/4287-1/	vendor-advisoryx_refsource_UBUNTU
	https://usn.ubuntu.com/4287-2/	vendor-advisoryx_refsource_UBUNTU
	https://lists.debian.org/debian-lts-announce/2020…	mailing-listx_refsource_MLIST
	https://usn.ubuntu.com/4284-1/	vendor-advisoryx_refsource_UBUNTU

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T02:09:38.532Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/torvalds/linux/commit/ffdde5932042600c6807d46c1550b28b0db6a3bc"
          },
          {
            "name": "FEDORA-2019-021c968423",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3PSDE6PTOTVBK2YTKB2TFQP2SUBVSNF/"
          },
          {
            "name": "FEDORA-2019-34a75d7e61",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PY7LJMSPAGRIKABJPDKQDTXYW3L5RX2T/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20191205-0001/"
          },
          {
            "name": "openSUSE-SU-2019:2675",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html"
          },
          {
            "name": "20200109 [slackware-security] Slackware 14.2 kernel (SSA:2020-008-01)",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2020/Jan/10"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html"
          },
          {
            "name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html"
          },
          {
            "name": "USN-4254-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4254-1/"
          },
          {
            "name": "USN-4254-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4254-2/"
          },
          {
            "name": "USN-4258-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4258-1/"
          },
          {
            "name": "USN-4287-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4287-1/"
          },
          {
            "name": "USN-4287-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4287-2/"
          },
          {
            "name": "[debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html"
          },
          {
            "name": "USN-4284-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4284-1/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A memory leak in the crypto_report() function in crypto/crypto_user_base.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering crypto_report_alg() failures, aka CID-ffdde5932042."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-03-02T20:06:23.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/torvalds/linux/commit/ffdde5932042600c6807d46c1550b28b0db6a3bc"
        },
        {
          "name": "FEDORA-2019-021c968423",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3PSDE6PTOTVBK2YTKB2TFQP2SUBVSNF/"
        },
        {
          "name": "FEDORA-2019-34a75d7e61",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PY7LJMSPAGRIKABJPDKQDTXYW3L5RX2T/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20191205-0001/"
        },
        {
          "name": "openSUSE-SU-2019:2675",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html"
        },
        {
          "name": "20200109 [slackware-security] Slackware 14.2 kernel (SSA:2020-008-01)",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2020/Jan/10"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html"
        },
        {
          "name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html"
        },
        {
          "name": "USN-4254-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4254-1/"
        },
        {
          "name": "USN-4254-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4254-2/"
        },
        {
          "name": "USN-4258-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4258-1/"
        },
        {
          "name": "USN-4287-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4287-1/"
        },
        {
          "name": "USN-4287-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4287-2/"
        },
        {
          "name": "[debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html"
        },
        {
          "name": "USN-4284-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4284-1/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-19062",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A memory leak in the crypto_report() function in crypto/crypto_user_base.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering crypto_report_alg() failures, aka CID-ffdde5932042."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/torvalds/linux/commit/ffdde5932042600c6807d46c1550b28b0db6a3bc",
              "refsource": "MISC",
              "url": "https://github.com/torvalds/linux/commit/ffdde5932042600c6807d46c1550b28b0db6a3bc"
            },
            {
              "name": "FEDORA-2019-021c968423",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O3PSDE6PTOTVBK2YTKB2TFQP2SUBVSNF/"
            },
            {
              "name": "FEDORA-2019-34a75d7e61",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PY7LJMSPAGRIKABJPDKQDTXYW3L5RX2T/"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20191205-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20191205-0001/"
            },
            {
              "name": "openSUSE-SU-2019:2675",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html"
            },
            {
              "name": "20200109 [slackware-security] Slackware 14.2 kernel (SSA:2020-008-01)",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2020/Jan/10"
            },
            {
              "name": "http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html"
            },
            {
              "name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html"
            },
            {
              "name": "USN-4254-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4254-1/"
            },
            {
              "name": "USN-4254-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4254-2/"
            },
            {
              "name": "USN-4258-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4258-1/"
            },
            {
              "name": "USN-4287-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4287-1/"
            },
            {
              "name": "USN-4287-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4287-2/"
            },
            {
              "name": "[debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html"
            },
            {
              "name": "USN-4284-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4284-1/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-19062",
    "datePublished": "2019-11-18T05:24:04.000Z",
    "dateReserved": "2019-11-18T00:00:00.000Z",
    "dateUpdated": "2024-08-05T02:09:38.532Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-18551 (GCVE-0-2017-18551)

Vulnerability from cvelistv5 – Published: 2019-08-19 01:51 – Updated: 2024-08-05 21:28

Summary

An issue was discovered in drivers/i2c/i2c-core-smbus.c in the Linux kernel before 4.14.15. There is an out of bounds write in the function i2c_smbus_xfer_emulated.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	https://git.kernel.org/pub/scm/linux/kernel/git/t…	x_refsource_MISC
	https://cdn.kernel.org/pub/linux/kernel/v4.x/Chan…	x_refsource_MISC
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	https://support.f5.com/csp/article/K48073202?utm_…	x_refsource_CONFIRM

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T21:28:55.635Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=89c6efa61f5709327ecfa24bff18e57a4e80c7fa"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.15"
          },
          {
            "name": "openSUSE-SU-2019:2173",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html"
          },
          {
            "name": "openSUSE-SU-2019:2181",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.f5.com/csp/article/K48073202?utm_source=f5support\u0026amp%3Butm_medium=RSS"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in drivers/i2c/i2c-core-smbus.c in the Linux kernel before 4.14.15. There is an out of bounds write in the function i2c_smbus_xfer_emulated."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-10-10T20:06:07.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=89c6efa61f5709327ecfa24bff18e57a4e80c7fa"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.15"
        },
        {
          "name": "openSUSE-SU-2019:2173",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html"
        },
        {
          "name": "openSUSE-SU-2019:2181",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.f5.com/csp/article/K48073202?utm_source=f5support\u0026amp%3Butm_medium=RSS"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-18551",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in drivers/i2c/i2c-core-smbus.c in the Linux kernel before 4.14.15. There is an out of bounds write in the function i2c_smbus_xfer_emulated."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=89c6efa61f5709327ecfa24bff18e57a4e80c7fa",
              "refsource": "MISC",
              "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=89c6efa61f5709327ecfa24bff18e57a4e80c7fa"
            },
            {
              "name": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.15",
              "refsource": "MISC",
              "url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.15"
            },
            {
              "name": "openSUSE-SU-2019:2173",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html"
            },
            {
              "name": "openSUSE-SU-2019:2181",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html"
            },
            {
              "name": "https://support.f5.com/csp/article/K48073202?utm_source=f5support\u0026amp;utm_medium=RSS",
              "refsource": "CONFIRM",
              "url": "https://support.f5.com/csp/article/K48073202?utm_source=f5support\u0026amp;utm_medium=RSS"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-18551",
    "datePublished": "2019-08-19T01:51:01.000Z",
    "dateReserved": "2019-08-18T00:00:00.000Z",
    "dateUpdated": "2024-08-05T21:28:55.635Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-11565 (GCVE-0-2020-11565)

Vulnerability from cvelistv5 – Published: 2020-04-06 00:08 – Updated: 2024-08-04 11:35 Disputed

Summary

An issue was discovered in the Linux kernel through 5.6.2. mpol_parse_str in mm/mempolicy.c has a stack-based out-of-bounds write because an empty nodelist is mishandled during mount option parsing, aka CID-aa9f7d5172fa. NOTE: Someone in the security community disagrees that this is a vulnerability because the issue “is a bug in parsing mount options which can only be specified by a privileged user, so triggering the bug does not grant any powers not already held.”

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	https://github.com/torvalds/linux/commit/aa9f7d51…	x_refsource_MISC
	https://git.kernel.org/cgit/linux/kernel/git/torv…	x_refsource_MISC
	https://www.debian.org/security/2020/dsa-4667	vendor-advisoryx_refsource_DEBIAN
	https://usn.ubuntu.com/4364-1/	vendor-advisoryx_refsource_UBUNTU
	https://usn.ubuntu.com/4367-1/	vendor-advisoryx_refsource_UBUNTU
	https://usn.ubuntu.com/4368-1/	vendor-advisoryx_refsource_UBUNTU
	https://usn.ubuntu.com/4363-1/	vendor-advisoryx_refsource_UBUNTU
	https://usn.ubuntu.com/4369-1/	vendor-advisoryx_refsource_UBUNTU
	https://lists.debian.org/debian-lts-announce/2020…	mailing-listx_refsource_MLIST
	https://lists.debian.org/debian-lts-announce/2020…	mailing-listx_refsource_MLIST
	https://lists.debian.org/debian-lts-announce/2020…	mailing-listx_refsource_MLIST
	https://www.debian.org/security/2020/dsa-4698	vendor-advisoryx_refsource_DEBIAN

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2020-11565",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-26T19:42:27.772420Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-26T19:42:34.147Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T11:35:13.515Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/torvalds/linux/commit/aa9f7d5172fac9bf1f09e678c35e287a40a7b7dd"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=aa9f7d5172fac9bf1f09e678c35e287a40a7b7dd"
          },
          {
            "name": "DSA-4667",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2020/dsa-4667"
          },
          {
            "name": "USN-4364-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4364-1/"
          },
          {
            "name": "USN-4367-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4367-1/"
          },
          {
            "name": "USN-4368-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4368-1/"
          },
          {
            "name": "USN-4363-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4363-1/"
          },
          {
            "name": "USN-4369-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4369-1/"
          },
          {
            "name": "[debian-lts-announce] 20200609 [SECURITY] [DLA 2241-1] linux security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html"
          },
          {
            "name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2242-1] linux-4.9 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html"
          },
          {
            "name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2241-2] linux security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html"
          },
          {
            "name": "DSA-4698",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2020/dsa-4698"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in the Linux kernel through 5.6.2. mpol_parse_str in mm/mempolicy.c has a stack-based out-of-bounds write because an empty nodelist is mishandled during mount option parsing, aka CID-aa9f7d5172fa. NOTE: Someone in the security community disagrees that this is a vulnerability because the issue \u201cis a bug in parsing mount options which can only be specified by a privileged user, so triggering the bug does not grant any powers not already held.\u201d"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-06-10T19:06:30.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/torvalds/linux/commit/aa9f7d5172fac9bf1f09e678c35e287a40a7b7dd"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=aa9f7d5172fac9bf1f09e678c35e287a40a7b7dd"
        },
        {
          "name": "DSA-4667",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2020/dsa-4667"
        },
        {
          "name": "USN-4364-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4364-1/"
        },
        {
          "name": "USN-4367-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4367-1/"
        },
        {
          "name": "USN-4368-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4368-1/"
        },
        {
          "name": "USN-4363-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4363-1/"
        },
        {
          "name": "USN-4369-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4369-1/"
        },
        {
          "name": "[debian-lts-announce] 20200609 [SECURITY] [DLA 2241-1] linux security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html"
        },
        {
          "name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2242-1] linux-4.9 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html"
        },
        {
          "name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2241-2] linux security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html"
        },
        {
          "name": "DSA-4698",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2020/dsa-4698"
        }
      ],
      "tags": [
        "disputed"
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-11565",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "** DISPUTED ** An issue was discovered in the Linux kernel through 5.6.2. mpol_parse_str in mm/mempolicy.c has a stack-based out-of-bounds write because an empty nodelist is mishandled during mount option parsing, aka CID-aa9f7d5172fa. NOTE: Someone in the security community disagrees that this is a vulnerability because the issue \u201cis a bug in parsing mount options which can only be specified by a privileged user, so triggering the bug does not grant any powers not already held.\u201d."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/torvalds/linux/commit/aa9f7d5172fac9bf1f09e678c35e287a40a7b7dd",
              "refsource": "MISC",
              "url": "https://github.com/torvalds/linux/commit/aa9f7d5172fac9bf1f09e678c35e287a40a7b7dd"
            },
            {
              "name": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=aa9f7d5172fac9bf1f09e678c35e287a40a7b7dd",
              "refsource": "MISC",
              "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=aa9f7d5172fac9bf1f09e678c35e287a40a7b7dd"
            },
            {
              "name": "DSA-4667",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2020/dsa-4667"
            },
            {
              "name": "USN-4364-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4364-1/"
            },
            {
              "name": "USN-4367-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4367-1/"
            },
            {
              "name": "USN-4368-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4368-1/"
            },
            {
              "name": "USN-4363-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4363-1/"
            },
            {
              "name": "USN-4369-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4369-1/"
            },
            {
              "name": "[debian-lts-announce] 20200609 [SECURITY] [DLA 2241-1] linux security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html"
            },
            {
              "name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2242-1] linux-4.9 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html"
            },
            {
              "name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2241-2] linux security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html"
            },
            {
              "name": "DSA-4698",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2020/dsa-4698"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-11565",
    "datePublished": "2020-04-06T00:08:41.000Z",
    "dateReserved": "2020-04-06T00:00:00.000Z",
    "dateUpdated": "2024-08-04T11:35:13.515Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-8647 (GCVE-0-2020-8647)

Vulnerability from cvelistv5 – Published: 2020-02-06 00:06 – Updated: 2024-08-04 10:03

Summary

There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vc_do_resize function in drivers/tty/vt/vt.c.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	https://bugzilla.kernel.org/show_bug.cgi?id=206359	x_refsource_MISC
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	https://lists.debian.org/debian-lts-announce/2020…	mailing-listx_refsource_MLIST
	https://lists.debian.org/debian-lts-announce/2020…	mailing-listx_refsource_MLIST
	https://lists.debian.org/debian-lts-announce/2020…	mailing-listx_refsource_MLIST
	https://www.debian.org/security/2020/dsa-4698	vendor-advisoryx_refsource_DEBIAN

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T10:03:46.527Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.kernel.org/show_bug.cgi?id=206359"
          },
          {
            "name": "openSUSE-SU-2020:0388",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00039.html"
          },
          {
            "name": "[debian-lts-announce] 20200609 [SECURITY] [DLA 2241-1] linux security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html"
          },
          {
            "name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2242-1] linux-4.9 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html"
          },
          {
            "name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2241-2] linux security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html"
          },
          {
            "name": "DSA-4698",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2020/dsa-4698"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vc_do_resize function in drivers/tty/vt/vt.c."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-06-10T19:06:35.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.kernel.org/show_bug.cgi?id=206359"
        },
        {
          "name": "openSUSE-SU-2020:0388",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00039.html"
        },
        {
          "name": "[debian-lts-announce] 20200609 [SECURITY] [DLA 2241-1] linux security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html"
        },
        {
          "name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2242-1] linux-4.9 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html"
        },
        {
          "name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2241-2] linux security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html"
        },
        {
          "name": "DSA-4698",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2020/dsa-4698"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-8647",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vc_do_resize function in drivers/tty/vt/vt.c."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugzilla.kernel.org/show_bug.cgi?id=206359",
              "refsource": "MISC",
              "url": "https://bugzilla.kernel.org/show_bug.cgi?id=206359"
            },
            {
              "name": "openSUSE-SU-2020:0388",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00039.html"
            },
            {
              "name": "[debian-lts-announce] 20200609 [SECURITY] [DLA 2241-1] linux security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html"
            },
            {
              "name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2242-1] linux-4.9 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html"
            },
            {
              "name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2241-2] linux security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html"
            },
            {
              "name": "DSA-4698",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2020/dsa-4698"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-8647",
    "datePublished": "2020-02-06T00:06:51.000Z",
    "dateReserved": "2020-02-06T00:00:00.000Z",
    "dateUpdated": "2024-08-04T10:03:46.527Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-19058 (GCVE-0-2019-19058)

Vulnerability from cvelistv5 – Published: 2019-11-18 05:23 – Updated: 2024-08-05 02:09

Summary

A memory leak in the alloc_sgtable() function in drivers/net/wireless/intel/iwlwifi/fw/dbg.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering alloc_page() failures, aka CID-b4b814fec1a5.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	https://github.com/torvalds/linux/commit/b4b814fe…	x_refsource_MISC
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
	https://security.netapp.com/advisory/ntap-2019120…	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	https://usn.ubuntu.com/4300-1/	vendor-advisoryx_refsource_UBUNTU
	https://usn.ubuntu.com/4301-1/	vendor-advisoryx_refsource_UBUNTU
	https://usn.ubuntu.com/4302-1/	vendor-advisoryx_refsource_UBUNTU

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T02:09:38.134Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/torvalds/linux/commit/b4b814fec1a5a849383f7b3886b654a13abbda7d"
          },
          {
            "name": "FEDORA-2019-021c968423",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3PSDE6PTOTVBK2YTKB2TFQP2SUBVSNF/"
          },
          {
            "name": "FEDORA-2019-34a75d7e61",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PY7LJMSPAGRIKABJPDKQDTXYW3L5RX2T/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20191205-0001/"
          },
          {
            "name": "openSUSE-SU-2019:2675",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html"
          },
          {
            "name": "USN-4300-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4300-1/"
          },
          {
            "name": "USN-4301-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4301-1/"
          },
          {
            "name": "USN-4302-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4302-1/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A memory leak in the alloc_sgtable() function in drivers/net/wireless/intel/iwlwifi/fw/dbg.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering alloc_page() failures, aka CID-b4b814fec1a5."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-04-04T14:06:03.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/torvalds/linux/commit/b4b814fec1a5a849383f7b3886b654a13abbda7d"
        },
        {
          "name": "FEDORA-2019-021c968423",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3PSDE6PTOTVBK2YTKB2TFQP2SUBVSNF/"
        },
        {
          "name": "FEDORA-2019-34a75d7e61",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PY7LJMSPAGRIKABJPDKQDTXYW3L5RX2T/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20191205-0001/"
        },
        {
          "name": "openSUSE-SU-2019:2675",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html"
        },
        {
          "name": "USN-4300-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4300-1/"
        },
        {
          "name": "USN-4301-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4301-1/"
        },
        {
          "name": "USN-4302-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4302-1/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-19058",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A memory leak in the alloc_sgtable() function in drivers/net/wireless/intel/iwlwifi/fw/dbg.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering alloc_page() failures, aka CID-b4b814fec1a5."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/torvalds/linux/commit/b4b814fec1a5a849383f7b3886b654a13abbda7d",
              "refsource": "MISC",
              "url": "https://github.com/torvalds/linux/commit/b4b814fec1a5a849383f7b3886b654a13abbda7d"
            },
            {
              "name": "FEDORA-2019-021c968423",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O3PSDE6PTOTVBK2YTKB2TFQP2SUBVSNF/"
            },
            {
              "name": "FEDORA-2019-34a75d7e61",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PY7LJMSPAGRIKABJPDKQDTXYW3L5RX2T/"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20191205-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20191205-0001/"
            },
            {
              "name": "openSUSE-SU-2019:2675",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html"
            },
            {
              "name": "USN-4300-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4300-1/"
            },
            {
              "name": "USN-4301-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4301-1/"
            },
            {
              "name": "USN-4302-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4302-1/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-19058",
    "datePublished": "2019-11-18T05:23:58.000Z",
    "dateReserved": "2019-11-18T00:00:00.000Z",
    "dateUpdated": "2024-08-05T02:09:38.134Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-19332 (GCVE-0-2019-19332)

Vulnerability from cvelistv5 – Published: 2020-01-09 14:41 – Updated: 2024-08-05 02:16

Summary

An out-of-bounds memory write issue was found in the Linux Kernel, version 3.13 through 5.4, in the way the Linux kernel's KVM hypervisor handled the 'KVM_GET_EMULATED_CPUID' ioctl(2) request to get CPUID features emulated by the KVM hypervisor. A user or process able to access the '/dev/kvm' device could use this flaw to crash the system, resulting in a denial of service.

Severity ?

6.1 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H

CWE

CWE-787

Assigner

redhat

References

URL

Tags

	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2…	x_refsource_CONFIRM
	https://www.openwall.com/lists/oss-security/2019/…	x_refsource_MISC
	https://lore.kernel.org/kvm/000000000000ea5ec2059…	x_refsource_MISC
	http://packetstormsecurity.com/files/155890/Slack…	x_refsource_MISC
	https://lists.debian.org/debian-lts-announce/2020…	mailing-listx_refsource_MLIST
	https://usn.ubuntu.com/4254-1/	vendor-advisoryx_refsource_UBUNTU
	https://usn.ubuntu.com/4254-2/	vendor-advisoryx_refsource_UBUNTU
	https://security.netapp.com/advisory/ntap-2020020…	x_refsource_CONFIRM
	https://usn.ubuntu.com/4258-1/	vendor-advisoryx_refsource_UBUNTU
	https://usn.ubuntu.com/4287-1/	vendor-advisoryx_refsource_UBUNTU
	https://usn.ubuntu.com/4287-2/	vendor-advisoryx_refsource_UBUNTU
	https://lists.debian.org/debian-lts-announce/2020…	mailing-listx_refsource_MLIST
	https://usn.ubuntu.com/4284-1/	vendor-advisoryx_refsource_UBUNTU
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE

Impacted products

	Vendor	Product	Version
	Linux	Kernel	Affected: 3.13 through 5.4

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T02:16:47.112Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19332"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.openwall.com/lists/oss-security/2019/12/16/1"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://lore.kernel.org/kvm/000000000000ea5ec20598d90e50%40google.com/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html"
          },
          {
            "name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html"
          },
          {
            "name": "USN-4254-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4254-1/"
          },
          {
            "name": "USN-4254-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4254-2/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20200204-0002/"
          },
          {
            "name": "USN-4258-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4258-1/"
          },
          {
            "name": "USN-4287-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4287-1/"
          },
          {
            "name": "USN-4287-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4287-2/"
          },
          {
            "name": "[debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html"
          },
          {
            "name": "USN-4284-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4284-1/"
          },
          {
            "name": "openSUSE-SU-2020:0336",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Kernel",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.13 through 5.4"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An out-of-bounds memory write issue was found in the Linux Kernel, version 3.13 through 5.4, in the way the Linux kernel\u0027s KVM hypervisor handled the \u0027KVM_GET_EMULATED_CPUID\u0027 ioctl(2) request to get CPUID features emulated by the KVM hypervisor. A user or process able to access the \u0027/dev/kvm\u0027 device could use this flaw to crash the system, resulting in a denial of service."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-787",
              "description": "CWE-787",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-03-13T13:06:31.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19332"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.openwall.com/lists/oss-security/2019/12/16/1"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://lore.kernel.org/kvm/000000000000ea5ec20598d90e50%40google.com/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html"
        },
        {
          "name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html"
        },
        {
          "name": "USN-4254-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4254-1/"
        },
        {
          "name": "USN-4254-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4254-2/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20200204-0002/"
        },
        {
          "name": "USN-4258-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4258-1/"
        },
        {
          "name": "USN-4287-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4287-1/"
        },
        {
          "name": "USN-4287-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4287-2/"
        },
        {
          "name": "[debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html"
        },
        {
          "name": "USN-4284-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4284-1/"
        },
        {
          "name": "openSUSE-SU-2020:0336",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2019-19332",
    "datePublished": "2020-01-09T14:41:03.000Z",
    "dateReserved": "2019-11-27T00:00:00.000Z",
    "dateUpdated": "2024-08-05T02:16:47.112Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-19063 (GCVE-0-2019-19063)

Vulnerability from cvelistv5 – Published: 2019-11-18 05:24 – Updated: 2024-08-05 02:09

Summary

Two memory leaks in the rtl_usb_probe() function in drivers/net/wireless/realtek/rtlwifi/usb.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption), aka CID-3f9361695113.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	https://seclists.org/bugtraq/2020/Jan/10	mailing-listx_refsource_BUGTRAQ
	https://usn.ubuntu.com/4254-1/	vendor-advisoryx_refsource_UBUNTU
	https://usn.ubuntu.com/4254-2/	vendor-advisoryx_refsource_UBUNTU
	https://usn.ubuntu.com/4285-1/	vendor-advisoryx_refsource_UBUNTU
	https://usn.ubuntu.com/4287-1/	vendor-advisoryx_refsource_UBUNTU
	https://usn.ubuntu.com/4287-2/	vendor-advisoryx_refsource_UBUNTU
	https://usn.ubuntu.com/4284-1/	vendor-advisoryx_refsource_UBUNTU
	https://www.oracle.com/security-alerts/cpuApr2021.html	x_refsource_MISC
	https://security.netapp.com/advisory/ntap-2019120…	x_refsource_CONFIRM
	https://github.com/torvalds/linux/commit/3f936169…	x_refsource_MISC
	http://packetstormsecurity.com/files/155890/Slack…	x_refsource_MISC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T02:09:39.242Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "FEDORA-2019-021c968423",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3PSDE6PTOTVBK2YTKB2TFQP2SUBVSNF/"
          },
          {
            "name": "FEDORA-2019-34a75d7e61",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PY7LJMSPAGRIKABJPDKQDTXYW3L5RX2T/"
          },
          {
            "name": "openSUSE-SU-2019:2675",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html"
          },
          {
            "name": "20200109 [slackware-security] Slackware 14.2 kernel (SSA:2020-008-01)",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2020/Jan/10"
          },
          {
            "name": "USN-4254-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4254-1/"
          },
          {
            "name": "USN-4254-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4254-2/"
          },
          {
            "name": "USN-4285-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4285-1/"
          },
          {
            "name": "USN-4287-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4287-1/"
          },
          {
            "name": "USN-4287-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4287-2/"
          },
          {
            "name": "USN-4284-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4284-1/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20191205-0001/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/torvalds/linux/commit/3f93616951138a598d930dcaec40f2bfd9ce43bb"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Two memory leaks in the rtl_usb_probe() function in drivers/net/wireless/realtek/rtlwifi/usb.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption), aka CID-3f9361695113."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-06-14T17:20:10.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "FEDORA-2019-021c968423",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3PSDE6PTOTVBK2YTKB2TFQP2SUBVSNF/"
        },
        {
          "name": "FEDORA-2019-34a75d7e61",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PY7LJMSPAGRIKABJPDKQDTXYW3L5RX2T/"
        },
        {
          "name": "openSUSE-SU-2019:2675",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html"
        },
        {
          "name": "20200109 [slackware-security] Slackware 14.2 kernel (SSA:2020-008-01)",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2020/Jan/10"
        },
        {
          "name": "USN-4254-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4254-1/"
        },
        {
          "name": "USN-4254-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4254-2/"
        },
        {
          "name": "USN-4285-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4285-1/"
        },
        {
          "name": "USN-4287-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4287-1/"
        },
        {
          "name": "USN-4287-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4287-2/"
        },
        {
          "name": "USN-4284-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4284-1/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20191205-0001/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/torvalds/linux/commit/3f93616951138a598d930dcaec40f2bfd9ce43bb"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-19063",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Two memory leaks in the rtl_usb_probe() function in drivers/net/wireless/realtek/rtlwifi/usb.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption), aka CID-3f9361695113."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "FEDORA-2019-021c968423",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O3PSDE6PTOTVBK2YTKB2TFQP2SUBVSNF/"
            },
            {
              "name": "FEDORA-2019-34a75d7e61",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PY7LJMSPAGRIKABJPDKQDTXYW3L5RX2T/"
            },
            {
              "name": "openSUSE-SU-2019:2675",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html"
            },
            {
              "name": "20200109 [slackware-security] Slackware 14.2 kernel (SSA:2020-008-01)",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2020/Jan/10"
            },
            {
              "name": "USN-4254-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4254-1/"
            },
            {
              "name": "USN-4254-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4254-2/"
            },
            {
              "name": "USN-4285-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4285-1/"
            },
            {
              "name": "USN-4287-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4287-1/"
            },
            {
              "name": "USN-4287-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4287-2/"
            },
            {
              "name": "USN-4284-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4284-1/"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20191205-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20191205-0001/"
            },
            {
              "name": "https://github.com/torvalds/linux/commit/3f93616951138a598d930dcaec40f2bfd9ce43bb",
              "refsource": "MISC",
              "url": "https://github.com/torvalds/linux/commit/3f93616951138a598d930dcaec40f2bfd9ce43bb"
            },
            {
              "name": "http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-19063",
    "datePublished": "2019-11-18T05:24:05.000Z",
    "dateReserved": "2019-11-18T00:00:00.000Z",
    "dateUpdated": "2024-08-05T02:09:39.242Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-1749 (GCVE-0-2020-1749)

Vulnerability from cvelistv5 – Published: 2020-09-09 14:35 – Updated: 2024-08-04 06:46

Summary

Severity ?

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE

CWE-319

Assigner

redhat

References

URL

Tags

	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2…	x_refsource_CONFIRM
	https://security.netapp.com/advisory/ntap-2020122…	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Linux Kernel	kernel	Affected: 5.5

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T06:46:30.814Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1749"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20201222-0001/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "kernel",
          "vendor": "Linux Kernel",
          "versions": [
            {
              "status": "affected",
              "version": "5.5"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in the Linux kernel\u0027s implementation of some networking protocols in IPsec, such as VXLAN and GENEVE tunnels over IPv6. When an encrypted tunnel is created between two hosts, the kernel isn\u0027t correctly routing tunneled data over the encrypted link; rather sending the data unencrypted. This would allow anyone in between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-319",
              "description": "CWE-319",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-12-22T07:06:22.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1749"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20201222-0001/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2020-1749",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "kernel",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "5.5"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Linux Kernel"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A flaw was found in the Linux kernel\u0027s implementation of some networking protocols in IPsec, such as VXLAN and GENEVE tunnels over IPv6. When an encrypted tunnel is created between two hosts, the kernel isn\u0027t correctly routing tunneled data over the encrypted link; rather sending the data unencrypted. This would allow anyone in between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality."
            }
          ]
        },
        "impact": {
          "cvss": [
            [
              {
                "vectorString": "7.5/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            ]
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-319"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1749",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1749"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20201222-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20201222-0001/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2020-1749",
    "datePublished": "2020-09-09T14:35:17.000Z",
    "dateReserved": "2019-11-27T00:00:00.000Z",
    "dateUpdated": "2024-08-04T06:46:30.814Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-15917 (GCVE-0-2019-15917)

Vulnerability from cvelistv5 – Published: 2019-09-04 18:09 – Updated: 2024-08-05 01:03

Summary

An issue was discovered in the Linux kernel before 5.0.5. There is a use-after-free issue when hci_uart_register_dev() fails in hci_uart_set_proto() in drivers/bluetooth/hci_ldisc.c.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	https://github.com/torvalds/linux/commit/56897b21…	x_refsource_MISC
	https://cdn.kernel.org/pub/linux/kernel/v5.x/Chan…	x_refsource_MISC
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	https://lists.debian.org/debian-lts-announce/2019…	mailing-listx_refsource_MLIST
	https://security.netapp.com/advisory/ntap-2019100…	x_refsource_CONFIRM
	https://seclists.org/bugtraq/2020/Jan/10	mailing-listx_refsource_BUGTRAQ
	http://packetstormsecurity.com/files/155890/Slack…	x_refsource_MISC
	https://lists.debian.org/debian-lts-announce/2020…	mailing-listx_refsource_MLIST

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T01:03:32.655Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/torvalds/linux/commit/56897b217a1d0a91c9920cb418d6b3fe922f590a"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.5"
          },
          {
            "name": "openSUSE-SU-2019:2173",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html"
          },
          {
            "name": "openSUSE-SU-2019:2181",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html"
          },
          {
            "name": "[debian-lts-announce] 20190925 [SECURITY] [DLA 1930-1] linux security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00025.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20191004-0001/"
          },
          {
            "name": "20200109 [slackware-security] Slackware 14.2 kernel (SSA:2020-008-01)",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2020/Jan/10"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html"
          },
          {
            "name": "[debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in the Linux kernel before 5.0.5. There is a use-after-free issue when hci_uart_register_dev() fails in hci_uart_set_proto() in drivers/bluetooth/hci_ldisc.c."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-03-02T19:06:40.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/torvalds/linux/commit/56897b217a1d0a91c9920cb418d6b3fe922f590a"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.5"
        },
        {
          "name": "openSUSE-SU-2019:2173",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html"
        },
        {
          "name": "openSUSE-SU-2019:2181",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html"
        },
        {
          "name": "[debian-lts-announce] 20190925 [SECURITY] [DLA 1930-1] linux security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00025.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20191004-0001/"
        },
        {
          "name": "20200109 [slackware-security] Slackware 14.2 kernel (SSA:2020-008-01)",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2020/Jan/10"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html"
        },
        {
          "name": "[debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-15917",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in the Linux kernel before 5.0.5. There is a use-after-free issue when hci_uart_register_dev() fails in hci_uart_set_proto() in drivers/bluetooth/hci_ldisc.c."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/torvalds/linux/commit/56897b217a1d0a91c9920cb418d6b3fe922f590a",
              "refsource": "MISC",
              "url": "https://github.com/torvalds/linux/commit/56897b217a1d0a91c9920cb418d6b3fe922f590a"
            },
            {
              "name": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.5",
              "refsource": "MISC",
              "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.5"
            },
            {
              "name": "openSUSE-SU-2019:2173",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html"
            },
            {
              "name": "openSUSE-SU-2019:2181",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html"
            },
            {
              "name": "[debian-lts-announce] 20190925 [SECURITY] [DLA 1930-1] linux security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00025.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20191004-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20191004-0001/"
            },
            {
              "name": "20200109 [slackware-security] Slackware 14.2 kernel (SSA:2020-008-01)",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2020/Jan/10"
            },
            {
              "name": "http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html"
            },
            {
              "name": "[debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-15917",
    "datePublished": "2019-09-04T18:09:20.000Z",
    "dateReserved": "2019-09-04T00:00:00.000Z",
    "dateUpdated": "2024-08-05T01:03:32.655Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-9458 (GCVE-0-2019-9458)

Vulnerability from cvelistv5 – Published: 2019-09-06 21:49 – Updated: 2024-08-04 21:46

Summary

In the Android kernel in the video driver there is a use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Severity ?

No CVSS data available.

CWE

Elevation of privilege

Assigner

google_android

References

URL

Tags

	https://source.android.com/security/bulletin/pixe…	x_refsource_MISC
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE

Impacted products

	Vendor	Product	Version
	n/a	Android	Affected: Android kernel

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T21:46:30.339Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://source.android.com/security/bulletin/pixel/2019-09-01"
          },
          {
            "name": "openSUSE-SU-2020:0543",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00035.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Android",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Android kernel"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Android kernel in the video driver there is a use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Elevation of privilege",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-04-23T15:06:28.000Z",
        "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
        "shortName": "google_android"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://source.android.com/security/bulletin/pixel/2019-09-01"
        },
        {
          "name": "openSUSE-SU-2020:0543",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00035.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@android.com",
          "ID": "CVE-2019-9458",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Android",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Android kernel"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In the Android kernel in the video driver there is a use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Elevation of privilege"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://source.android.com/security/bulletin/pixel/2019-09-01",
              "refsource": "MISC",
              "url": "https://source.android.com/security/bulletin/pixel/2019-09-01"
            },
            {
              "name": "openSUSE-SU-2020:0543",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00035.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
    "assignerShortName": "google_android",
    "cveId": "CVE-2019-9458",
    "datePublished": "2019-09-06T21:49:41.000Z",
    "dateReserved": "2019-02-28T00:00:00.000Z",
    "dateUpdated": "2024-08-04T21:46:30.339Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

RHSA-2020:4062

CVE-2019-19523 (GCVE-0-2019-19523)

CVE-2019-18808 (GCVE-0-2019-18808)

CVE-2020-9383 (GCVE-0-2020-9383)

CVE-2019-20636 (GCVE-0-2019-20636)

CVE-2020-10690 (GCVE-0-2020-10690)

CVE-2020-12770 (GCVE-0-2020-12770)

CVE-2019-19807 (GCVE-0-2019-19807)

CVE-2019-19447 (GCVE-0-2019-19447)

CVE-2019-16994 (GCVE-0-2019-16994)

CVE-2020-10942 (GCVE-0-2020-10942)

CVE-2019-16233 (GCVE-0-2019-16233)

CVE-2019-19767 (GCVE-0-2019-19767)

CVE-2019-20095 (GCVE-0-2019-20095)

CVE-2019-19059 (GCVE-0-2019-19059)

CVE-2019-19534 (GCVE-0-2019-19534)

CVE-2020-10742 (GCVE-0-2020-10742)

CVE-2019-19046 (GCVE-0-2019-19046)

CVE-2019-19530 (GCVE-0-2019-19530)

CVE-2019-19055 (GCVE-0-2019-19055)

CVE-2019-19524 (GCVE-0-2019-19524)

CVE-2019-20054 (GCVE-0-2019-20054)

CVE-2019-15217 (GCVE-0-2019-15217)

CVE-2019-17055 (GCVE-0-2019-17055)

CVE-2020-10751 (GCVE-0-2020-10751)

CVE-2020-12826 (GCVE-0-2020-12826)

CVE-2019-15807 (GCVE-0-2019-15807)

CVE-2019-9454 (GCVE-0-2019-9454)

CVE-2019-17053 (GCVE-0-2019-17053)

CVE-2018-20836 (GCVE-0-2018-20836)

CVE-2020-10732 (GCVE-0-2020-10732)

CVE-2019-16231 (GCVE-0-2019-16231)

CVE-2019-19537 (GCVE-0-2019-19537)

CVE-2020-8649 (GCVE-0-2020-8649)

CVE-2020-2732 (GCVE-0-2020-2732)

CVE-2020-14305 (GCVE-0-2020-14305)

CVE-2019-19062 (GCVE-0-2019-19062)

CVE-2017-18551 (GCVE-0-2017-18551)

CVE-2020-11565 (GCVE-0-2020-11565)

CVE-2020-8647 (GCVE-0-2020-8647)

CVE-2019-19058 (GCVE-0-2019-19058)

CVE-2019-19332 (GCVE-0-2019-19332)

CVE-2019-19063 (GCVE-0-2019-19063)

CVE-2020-1749 (GCVE-0-2020-1749)

CVE-2019-15917 (GCVE-0-2019-15917)

CVE-2019-9458 (GCVE-0-2019-9458)

Tags

Sightings

Nomenclature